PT-2009-1016 · Xmlsoft+2 · Libxml+3
Jan Lieskovsky · Published 2009-08-10 · Updated 2025-01-21 · CVE-2009-2416
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libxml2 versions 2.5.10 through 2.6.32
libxml version 1.8.17
Description
The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, via crafted Notation or Enumeration attribute types in an XML file. This can be exploited remotely. The vulnerability is related to use-after-free errors and buffer data boundary issues.
Recommendations
For libxml2 versions 2.5.10 through 2.6.32, update to a version newer than 2.7.3-r2 to resolve the issue.
For libxml version 1.8.17, consider disabling the use of Notation or Enumeration attribute types in XML files until a patch is available.
Restrict access to XML files to minimize the risk of exploitation.
Exploit · Fix · DoS · Use After Free · Buffer Overflow
Affected Products
Red Hat
Vmware Vcenter
Libxml
Libxml2