製品・ソフトウェアに関する情報

Vulnerability Search

ベンダー検索

Product/Service Search

JVN Vulnerability Search Top

->

JVN脆弱性詳細

libxml2 におけるバッファエラーの脆弱性

Title	libxml2 におけるバッファエラーの脆弱性
Summary	libxml2 には、バッファエラーの脆弱性が存在します。本脆弱性は、libxml2 Bug 759398 に対する修正が不完全だったことに起因する問題です。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 15, 2017, midnight
Registration Date	June 19, 2017, 6:10 p.m.
Last Update	June 19, 2017, 6:10 p.m.

CVSS3.0 : 重要
Score	7.5
Vector	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

xmlsoft.org

libxml2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-9049	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
National Vulnerability Database (NVD)
2	CVE-2017-9049	https://nvd.nist.gov/vuln/detail/CVE-2017-9049

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
xmlsoft.org
1	libxml2	http://www.xmlsoft.org/

その他

No	Name	URL
関連文書
1	Invalid writes and reads in libxml2	http://www.openwall.com/lists/oss-security/2017/05/15/1

Change Log

No	Changed Details	Date of change
0	[2017年06月19日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-9049

Summary	libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.
Publication Date	May 18, 2017, 3:29 p.m.
Registration Date	Jan. 26, 2021, 1:30 p.m.
Last Update	Nov. 21, 2024, 12:35 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.debian.org/security/2017/dsa-3952
2	http://www.debian.org/security/2017/dsa-3952
3	http://www.openwall.com/lists/oss-security/2017/05/15/1		Exploit Mailing List Patch Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2017/05/15/1		Exploit Mailing List Patch Third Party Advisory
5	http://www.securityfocus.com/bid/98601		Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/98601		Third Party Advisory VDB Entry
7	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
8	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
9	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
10	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
11	https://security.gentoo.org/glsa/201711-01
12	https://security.gentoo.org/glsa/201711-01

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html