CVE-2017-7376
Description
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
38.432
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in iCloud (7.17.0.13) | Windows |
| Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.4.76) | Windows |
| Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.0.166) | Windows |
| Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.1.14) | Windows |
| Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.2.58) | Windows |
| Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.4.80) | Windows |
| Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.5.9) | Windows |
| Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.0.166) | Windows |
| Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.1.14) | Windows |
| Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.2.58) | Windows |
| Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.2.60) | Windows |
| Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.3.46) | Windows |
| Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.4.76) | Windows |
| Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.4.80) | Windows |
| Multiple vulnerabilities fixed in Apple iTunes (X64) (12.7.5.9) | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.9.0 | Windows |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.5 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot Automatically | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 Combo Update | Mac |
| Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1 | Mac |
| Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1 | Mac |
| Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13 | Mac |
| libxml2 security update(DSA-3952-1) libxml2_2.9.1+dfsg1-5+deb8u5_i386.deb | Linux |
| libxml2 security update(DSA-3952-1) libxml2_2.9.4+dfsg1-2.2+deb9u1_i386.deb | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7376) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-312688 | iCloud (7.17.0.13) |
| PATCH-306388 | Update for Apple iTunes X64 (12.7.0.166) |
| PATCH-306603 | Update for Apple iTunes X64 (12.7.1.14) |
| PATCH-306795 | Update for Apple iTunes X64 (12.7.2.58) |
| PATCH-306828 | Update for Apple iTunes X64 (12.7.2.60) |
| PATCH-307024 | Updates for Apple iTunes (X64) (12.7.3.46) |
| PATCH-307343 | Updates for Apple iTunes (X64) (12.7.4.76) |
| PATCH-307418 | Updates for Apple iTunes (X64) (12.7.4.80) |
| PATCH-307618 | Apple iTunes (X64) (12.7.5.9) |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601563 | macOS High Sierra 10.13.6 Combo Update - Reboot Automatically |
| PATCH-601562 | macOS High Sierra 10.13.6 - Reboot Automatically |
| PATCH-601312 | Security Update 2017-001 macOS High Sierra v10.13.1 |
| PATCH-601345 | Security Update 2017-001 macOS High Sierra v10.13 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234