Home

CVE-2017-10672

Description

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.353

Associated Vulnerability

VulnerabilityOS Platform
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0108+dfsg-1ubuntu0.2_i386.debLinux
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0108+dfsg-1ubuntu0.2_amd64.debLinux
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0123+dfsg-1ubuntu0.1_i386.debLinux
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0123+dfsg-1ubuntu0.1_amd64.debLinux
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0128+dfsg-1ubuntu0.1_i386.debLinux
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0128+dfsg-1ubuntu0.1_amd64.debLinux
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0128+dfsg-3ubuntu0.1_i386.debLinux
Perl interface to the libxml2 library (USN-3494-1) libxml-libxml-perl_2.0128+dfsg-3ubuntu0.1_amd64.debLinux
libxml-libxml-perl security update(DSA-4042-1) libxml-libxml-perl_2.0128+dfsg-1+deb9u1_i386.debLinux
libxml-libxml-perl security update(DSA-4042-1) libxml-libxml-perl_2.0128+dfsg-1+deb9u1_amd64.debLinux
SUSE-SU-2018:0123-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-XML-LibXML-2.0019-6.3.5.x86_64.rpmLinux
SUSE-SU-2018:0123-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-XML-LibXML-debuginfo-2.0019-6.3.5.x86_64.rpmLinux
SUSE-SU-2018:0123-1(SUSE Linux Enterprise Desktop 12-SP2 ) perl-XML-LibXML-debugsource-2.0019-6.3.5.x86_64.rpmLinux
SUSE-SU-2018:0170-1(SUSE Linux Enterprise Server 11-SP4 ) perl-XML-LibXML-1.66-3.3.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234