parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
oryginał ENCVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HXmlsoft Libxml2
APPXmlsoft≤ 2.9.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje
Powiązane podatności
CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt
XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX
CVE-2017-7376CRITICAL9.8ten sam produkt
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit ...
CVE-2017-7375CRITICAL9.8ten sam produkt
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not ...
CVE-2017-8872CRITICAL9.1ten sam produkt
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of servi...
CVE-2016-4658CRITICAL9.8ten sam produkt
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and wat...