CVE-2017-16932

Description

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Risk Information

Base Score

7.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score

Exploitation Probability

20.684

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2017-16932,CVE-2017-9050 are fixed in Ruby-nokogiri 1.8.1	Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1	Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.9.0	Windows
SUSE-SU-2018:0395-1(SUSE Linux Enterprise Server 11-SP4 ) libxml2-2.7.6-0.77.10.1.x86_64.rpm	Linux
SUSE-SU-2018:0395-1(SUSE Linux Enterprise Server 11-SP4 ) libxml2-32bit-2.7.6-0.77.10.1.x86_64.rpm	Linux
SUSE-SU-2018:0395-1(SUSE Linux Enterprise Server 11-SP4 ) libxml2-doc-2.7.6-0.77.10.1.x86_64.rpm	Linux
SUSE-SU-2018:0395-1(SUSE Linux Enterprise Server 11-SP4 ) libxml2-python-2.7.6-0.77.10.1.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-32bit-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-debuginfo-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-debuginfo-32bit-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-debugsource-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-doc-2.9.4-46.54.3.noarch.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-tools-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-tools-debuginfo-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) python-libxml2-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) python-libxml2-debuginfo-2.9.4-46.54.3.x86_64.rpm	Linux
SUSE-SU-2022:1833-1(SUSE Linux Enterprise Server 12-SP5 ) python-libxml2-debugsource-2.9.4-46.54.3.x86_64.rpm	Linux
Vulnerabilities CVE-2017-16932,CVE-2017-9050 are fixed in Ruby-nokogiri for Linux 1.8.1	Linux
Loop with Unreachable Exit Condition (Infinite Loop) Vulnerability (CVE-2017-16932)	NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234