NVD Vulnerability Detail

CVE-2017-9047

Summary	A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
Publication Date	May 18, 2017, 3:29 p.m.
Registration Date	Jan. 26, 2021, 1:30 p.m.
Last Update	Nov. 21, 2024, 12:35 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.debian.org/security/2017/dsa-3952
2	http://www.debian.org/security/2017/dsa-3952
3	http://www.openwall.com/lists/oss-security/2017/05/15/1	Exploit Mailing List Patch Third Party Advisory
4	http://www.openwall.com/lists/oss-security/2017/05/15/1	Exploit Mailing List Patch Third Party Advisory
5	http://www.securityfocus.com/bid/98599	Third Party Advisory VDB Entry
6	http://www.securityfocus.com/bid/98599	Third Party Advisory VDB Entry
7	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
8	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
9	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
10	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
11	https://security.gentoo.org/glsa/201711-01
12	https://security.gentoo.org/glsa/201711-01

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

JVN Vulnerability Information

libxml2 におけるバッファエラーの脆弱性

Title	libxml2 におけるバッファエラーの脆弱性
Summary	libxml2 には、バッファエラーの脆弱性が存在します。
Possible impacts	サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	May 15, 2017, midnight
Registration Date	June 19, 2017, 6:14 p.m.
Last Update	June 19, 2017, 6:14 p.m.

Affected System

xmlsoft.org

libxml2

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-9047	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
National Vulnerability Database (NVD)
2	CVE-2017-9047	https://nvd.nist.gov/vuln/detail/CVE-2017-9047

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
xmlsoft.org
1	Libxml2	http://www.xmlsoft.org/

その他

No	Name	URL
関連文書
1	Invalid writes and reads in libxml2	http://www.openwall.com/lists/oss-security/2017/05/15/1

Change Log

No	Changed Details	Date of change
0	[2017年06月19日] 掲載	Feb. 17, 2018, 10:37 a.m.