IronMonkey Threat Research

CVE-2017-8872 CRITICAL

Published: 2017-05-10 | Last Modified: 2026-06-17 | Status: Modified

Description

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

Additional Descriptions (1)

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

CVSS Metrics

Base Score: 9.1 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Type: Secondary

Exploitability Score: 3.9

Impact Score: 5.2

Base Score: 6.4 (MEDIUM)

AV:N/AC:L/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Source: [email protected]

Type: Primary

Exploitability Score: 10.0

Impact Score: 4.9

Weaknesses

Source | Type | Description
[email protected] | Primary | CWE-125 (en)
134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | CWE-125 (en)

Affected Products

Vendor | Product | Version | Update | Type
xmlsoft | libxml2 | 2.9.4 | | Application

Affected Configurations

Operator: OR

Vulnerable | CPE
Yes | cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*