PT-2013-1167 · Xmlsoft+5 · Libxml2+5

Publicado

2013-07-10

·

Atualizado

2026-03-13

·

CVE-2013-2877

CVSS v2.0

7.5

Alta

VetorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.0 libxml2 versions 2.7.6
Description The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML PARSER EOF state in parser.c. Exploitation of the vulnerabilities may lead to disruption of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely.
Recommendations For libxml2 versions 2.7.6, consider updating to a version prior to 2.9.0 to mitigate the risk. For libxml2 versions prior to 2.9.0, update to version 2.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the parser.c function until a patch is available.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2014-2345
BDU:2015-06384
BDU:2015-06385
BDU:2015-06387
BDU:2015-06389
BDU:2015-09022
BDU:2015-09023
BDU:2015-09024
BDU:2015-09025
BDU:2015-09713
CESA-2014_0513
CVE-2013-2877
DSA-2724-1
DSA-2779-1
MGASA-2013-0218
OPENSUSE-SU-2024:10549-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2014:0513
RHSA-2014_0513
SUSE-SU-2014_0150-1

Produtos afetados

Alt Linux
Centos
Junos
Red Hat
Suse
Libxml2