CVE-2017-9047
Description
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer buf of size size. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses len rather than the updated buffer length strlen(buf). This allows us to write about size many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Security Guardium 10.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.9.0 | Windows |
| libxml2 security update(DSA-3952-1) libxml2_2.9.1+dfsg1-5+deb8u5_i386.deb | Linux |
| libxml2 security update(DSA-3952-1) libxml2_2.9.4+dfsg1-2.2+deb9u1_i386.deb | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-9047) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234