libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL     pointer dereference) via a crafted XML document. NOTE: The maintainer states I would disagree of a CVE     with the Recover parsing option which should only be used for manual recovery at least for XML parser.
    (CVE-2017-5969)

Note that Nessus relies on the presence of the package as reported by the vendor.

According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with best practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus Network Monitor 6.2.2 updates the following components:

  - c-ares from version 1.10.0 to version 1.19.1.
  - curl from version 7.79.1 to version 8.1.2.
  - libbzip2 from version 1.0.6 to version 1.0.8.
  - libpcre from version 8.42 to version 8.44.
  - libxml2 from version 2.7.7 to version 2.11.1.
  - libxslt from version 1.1.26 to version 1.1.37.
  - libxmlsec from version 1.2.18 to version 1.2.37.
  - sqlite from version 3.27.2 to version 3.40.1.
  - jQuery Cookie from version 1.3.1 to version 1.4.1.
  - jQuery UI from version 1.13.0 to version 1.13.2.
  - OpenSSL from version 3.0.8 to version 3.0.9.

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2972 advisory.

    Five security issues have been discovered in libxml2: XML C parser and toolkit. CVE-2016-9318 Vulnerable     versions do not offer a flag directly indicating that the current document may be read but other files may     not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via     a crafted document. CVE-2017-5130 Integer overflow in memory debug code, allowed a remote attacker to     potentially exploit heap corruption via a crafted XML file. CVE-2017-5969 Parser in a recover mode allows     remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.
    CVE-2017-16932 When expanding a parameter entity in a DTD, infinite recursion could lead to an infinite     loop or memory exhaustion. CVE-2022-23308 the application that validates XML using xmlTextReaderRead()     with XML_PARSE_DTDATTR and XML_PARSE_DTDVALID enabled becomes vulnerable to this use-after-free bug. This     issue can result in denial of service. For Debian 9 stretch, these problems have been fixed in version     2.9.4+dfsg1-2.2+deb9u6. We recommend that you upgrade your libxml2 packages. For the detailed security     status of libxml2 please refer to its security tracker page at: https://security-     tracker.debian.org/tracker/libxml2 Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c     in libxml2 allows context-dependent attackers to cause     a denial of service (out-of-bounds read and application     crash) via a non-UTF-8 attribute value, related to     serialization. NOTE: this vulnerability may be a     duplicate of CVE-2016-3627.(CVE-2016-4483)

  - xmlParseBalancedChunkMemoryRecover in parser.c in     libxml2 before 2.9.10 has a memory leak related to     newDoc->oldNs.(CVE-2019-19956)

  - dict.c in libxml2 allows remote attackers to cause a     denial of service (heap-based buffer over-read and     application crash) via an unexpected character     immediately after the '<!DOCTYPE html' substring in a     crafted HTML document.(CVE-2015-8806)

  - ** DISPUTED ** libxml2 2.9.4, when used in recover     mode, allows remote attackers to cause a denial of     service (NULL pointer dereference) via a crafted XML     document. NOTE: The maintainer states 'I would disagree     of a CVE with the Recover parsing option which should     only be used for manual recovery at least for XML     parser.'(CVE-2017-5969)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - This library allows to manipulate XML files. It     includes support to read, modify and write XML and HTML     files. There is DTDs support this includes parsing and     validation even with complex DtDs, either at parse time     or later once the document has been modified. The     output can be a simple SAX stream or and in-memory DOM     like representations. In this case one can use the     built-in XPath and XPointer implementation to select     sub nodes or ranges. A flexible Input/Output mechanism     is available, with existing HTTP and FTP modules and     combined to an URI library.Security Fix(es):** DISPUTED
    ** libxml2 2.9.4, when used in recover mode, allows     remote attackers to cause a denial of service (NULL     pointer dereference) via a crafted XML document. NOTE:
    The maintainer states 'I would disagree of a CVE with     the Recover parsing option which should only be used     for manual recovery at least for XML     parser.'(CVE-2017-5969)A NULL pointer dereference     vulnerability exists in the     xpath.c:xmlXPathCompOpEval() function of libxml2     through 2.9.8 when parsing an invalid XPath expression     in the XPATH_OP_AND or XPATH_OP_OR case. Applications     processing untrusted XSL format inputs with the use of     the libxml2 library may be vulnerable to a denial of     service attack due to a crash of the     application.(CVE-2018-14404)libxml2 2.9.8, if
    --with-lzma is used, allows remote attackers to cause a     denial of service (infinite loop) via a crafted XML     file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated     by xmllint, a different vulnerability than     CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)libxml2     20904-GITv2.9.4-16-g0741801 is vulnerable to a     heap-based buffer over-read in the     xmlDictComputeFastKey function in dict.c. This     vulnerability causes programs that use libxml2, such as     PHP, to crash. This vulnerability exists because of an     incomplete fix for libxml2 Bug     759398.(CVE-2017-9049)libxml2     20904-GITv2.9.4-16-g0741801 is vulnerable to a     stack-based buffer overflow. The function     xmlSnprintfElementContent in valid.c is supposed to     recursively dump the element content definition into a     char buffer 'buf' of size 'size'. At the end of the     routine, the function may strcat two more characters     without checking whether the current strlen(buf) + 2 <     size. This vulnerability causes programs that use     libxml2, such as PHP, to crash.(CVE-2017-9048)The     htmlParseTryOrFinish function in HTMLparser.c in     libxml2 2.9.4 allows attackers to cause a denial of     service (buffer over-read) or information     disclosure.(CVE-2017-8872)The xz_decomp function in     xzlib.c in libxml2 2.9.1 does not properly detect     compression errors, which allows context-dependent     attackers to cause a denial of service (process hang)     via crafted XML data.(CVE-2015-8035)The xz_head     function in xzlib.c in libxml2 before 2.9.6 allows     remote attackers to cause a denial of service (memory     consumption) via a crafted LZMA file, because the     decoder functionality does not restrict memory usage to     what is required for a legitimate file.(CVE-2017-18258)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A remote code execution vulnerability in libxml2 could     enable an attacker using a specially crafted file to     execute arbitrary code within the context of an     unprivileged process. This issue is rated as High due     to the possibility of remote code execution in an     application that uses this library. Product: Android.
    Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1,     7.1.2. Android ID: A-37104170.(CVE-2017-0663)

  - libxml2 2.9.8, if --with-lzma is used, allows remote     attackers to cause a denial of service (infinite loop)     via a crafted XML file that triggers     LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a     different vulnerability than CVE-2015-8035 and     CVE-2018-9251.(CVE-2018-14567)

  - The htmlParseTryOrFinish function in HTMLparser.c in     libxml2 2.9.4 allows attackers to cause a denial of     service (buffer over-read) or information     disclosure.(CVE-2017-8872)

  - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a     stack-based buffer overflow. The function     xmlSnprintfElementContent in valid.c is supposed to     recursively dump the element content definition into a     char buffer 'buf' of size 'size'. At the end of the     routine, the function may strcat two more characters     without checking whether the current strlen(buf) + 2 <     size. This vulnerability causes programs that use     libxml2, such as PHP, to crash.(CVE-2017-9048)

  - The xz_decomp function in xzlib.c in libxml2 2.9.1 does     not properly detect compression errors, which allows     context-dependent attackers to cause a denial of     service (process hang) via crafted XML     data.(CVE-2015-8035)

  - The xz_head function in xzlib.c in libxml2 before 2.9.6     allows remote attackers to cause a denial of service     (memory consumption) via a crafted LZMA file, because     the decoder functionality does not restrict memory     usage to what is required for a legitimate     file.(CVE-2017-18258)

  - ** DISPUTED ** libxml2 2.9.4, when used in recover     mode, allows remote attackers to cause a denial of     service (NULL pointer dereference) via a crafted XML     document. NOTE: The maintainer states 'I would disagree     of a CVE with the Recover parsing option which should     only be used for manual recovery at least for XML     parser.'(CVE-2017-5969)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - dict.c in libxml2 allows remote attackers to cause a     denial of service (heap-based buffer over-read and     application crash) via an unexpected character     immediately after the '<!DOCTYPE html' substring in a     crafted HTML document.(CVE-2015-8806)

  - libxml2 2.9.4, when used in recover mode, allows remote     attackers to cause a denial of service (NULL pointer     dereference) via a crafted XML document. NOTE: The     maintainer states 'I would disagree of a CVE with the     Recover parsing option which should only be used for     manual recovery at least for XML     parser.'(CVE-2017-5969)

  - The htmlParseTryOrFinish function in HTMLparser.c in     libxml2 2.9.4 allows attackers to cause a denial of     service (buffer over-read) or information     disclosure.(CVE-2017-8872)

  - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a     stack-based buffer overflow. The function     xmlSnprintfElementContent in valid.c is supposed to     recursively dump the element content definition into a     char buffer 'buf' of size 'size'. At the end of the     routine, the function may strcat two more characters     without checking whether the current strlen(buf) + 2 <     size. This vulnerability causes programs that use     libxml2, such as PHP, to crash.(CVE-2017-9048)

  - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a     heap-based buffer over-read in the     xmlDictComputeFastKey function in dict.c. This     vulnerability causes programs that use libxml2, such as     PHP, to crash. This vulnerability exists because of an     incomplete fix for libxml2 Bug 759398.(CVE-2017-9049)

  - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a     heap-based buffer over-read in the xmlDictAddString     function in dict.c. This vulnerability causes programs     that use libxml2, such as PHP, to crash. This     vulnerability exists because of an incomplete fix for     CVE-2016-1839.(CVE-2017-9050)

  - The xz_decomp function in xzlib.c in libxml2 2.9.8, if
    --with-lzma is used, allows remote attackers to cause a     denial of service (infinite loop) via a crafted XML     file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated     by xmllint, a different vulnerability than     CVE-2015-8035.(CVE-2018-9251)

  - libxml2 2.9.8, if --with-lzma is used, allows remote     attackers to cause a denial of service (infinite loop)     via a crafted XML file that triggers     LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a     different vulnerability than CVE-2015-8035 and     CVE-2018-9251.(CVE-2018-14567)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the libxml2 package has been released.

An update of [cairo,openvswitch,libxml2,go] packages for PhotonOS has been released.

The remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libxml2. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote attacker, by enticing a user to process a specially crafted XML       document, could remotely execute arbitrary code, conduct XML External       Entity (XXE) attacks, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote host is running Mac OS X 10.11.6 or Mac OS X 10.12.6 and is missing a security update. It is therefore, affected by multiple vulnerabilities affecting the following components :

  - 802.1X
  - apache
  - AppleScript
  - ATS
  - Audio
  - CFString
  - CoreText
  - curl
  - Dictionary Widget
  - file
  - Fonts
  - fsck_msdos
  - HFS
  - Heimdal
  - HelpViewer
  - ImageIO
  - Kernel
  - libarchive
  - Open Scripting Architecture
  - PCRE
  - Postfix
  - Quick Look
  - QuickTime
  - Remote Management
  - Sandbox
  - StreamingZip
  - tcpdump
  - Wi-Fi

This update for libxml2 fixes the following issues: Security issues fixed :

  - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID     (bsc#1044337)

  - CVE-2017-5969: Fixed a NULL pointer deref in     xmlDumpElementContent (bsc#1024989)

  - CVE-2017-7375: Prevented an unwanted external entity     reference (bsc#1044894)

  - CVE-2017-7376: Increase buffer space for port in HTTP     redirect support (bsc#1044887)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for libxml2 fixes the following issues :

Security issues fixed :

  - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID     (bsc#1044337)

  - CVE-2017-5969: Fixed a NULL pointer deref in     xmlDumpElementContent (bsc#1024989)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for libxml2 fixes the following issues: Security issues fixed :

  - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID     (bsc#1044337)

  - CVE-2017-5969: Fixed a NULL pointer deref in     xmlDumpElementContent (bsc#1024989)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to latest upstream release, includes several security related fixes.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
221599	Linux Distros Unpatched Vulnerability : CVE-2017-5969	Nessus	Misc.	medium
177842	Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)	Nessus	Misc.	critical
159615	Debian DLA-2972-1 : libxml2 - LTS security update	Nessus	Debian Local Security Checks	high
135636	EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1474)	Nessus	Huawei Local Security Checks	high
132161	EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2626)	Nessus	Huawei Local Security Checks	critical
131644	EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-2491)	Nessus	Huawei Local Security Checks	critical
130673	EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-2211)	Nessus	Huawei Local Security Checks	critical
121739	Photon OS 1.0: Libxml2 PHSA-2017-0039	Nessus	PhotonOS Local Security Checks	medium
111888	Photon OS 1.0: Cairo / Go / Libxml2 / Openvswitch PHSA-2017-0039 (deprecated)	Nessus	PhotonOS Local Security Checks	high
104492	GLSA-201711-01 : libxml2: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
104379	macOS and Mac OS X Multiple Vulnerabilities (Security Update 2017-001 and 2017-004)	Nessus	MacOS X Local Security Checks	critical
101351	SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1)	Nessus	SuSE Local Security Checks	critical
101189	openSUSE Security Update : libxml2 (openSUSE-2017-754)	Nessus	SuSE Local Security Checks	high
101056	SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1670-1)	Nessus	SuSE Local Security Checks	high
99492	Fedora 24 : libxml2 (2017-be8574d593)	Nessus	Fedora Local Security Checks	critical
99491	Fedora 25 : libxml2 (2017-a3a47973eb)	Nessus	Fedora Local Security Checks	critical

Detections

Analytics

CVE-2017-5969

medium

Tenable Plugins

medium

critical

high

high

critical

critical

critical

medium

high

critical

critical

critical

high

high

critical

critical