PT-2017-3747 · Xmlsoft+3 · Libxml2+3

Published: 2017-03-03 · Updated: 2025-12-03 · CVE-2017-7375

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified)
Description: A flaw in libxml2 allows remote XML entity inclusion with default parser flags. This may expose a higher-risk attack surface, allowing access to content from local files, HTTP, or FTP servers. The vulnerability stems from insufficient restriction of XML external entity references, which a remote attacker can exploit with a specially crafted file to execute arbitrary code or cause a denial of service.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XXE

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1240
BDU:2019-00235
CVE-2017-7375
DLA-1008-1
DSA-3952-1
MGASA-2018-0048
SUSE-SU-2017:1813-1
USN-3424-1
USN-3424-2

Affected Products

ALT Linux
SUSE
Ubuntu
libxml2