Home

CVE-2017-9049

Description

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.458

Associated Vulnerability

VulnerabilityOS Platform
Update for iCloud (7.0.1.210)Windows
iCloud (7.7.0.27)Windows
Multiple vulnerabilities fixed in iCloud (7.17.0.13)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.4.76)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.0.166)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.1.14)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.2.58)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.4.80)Windows
Multiple vulnerabilities fixed in Apple Application Installer for iTunes (12.7.5.9)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.0.166)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.1.14)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.2.58)Windows
Multiple vulnerabilities fixed in Update for Apple iTunes X64 (12.7.2.60)Windows
Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.3.46)Windows
Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.4.76)Windows
Multiple vulnerabilities fixed in Updates for Apple iTunes (X64) (12.7.4.80)Windows
Multiple vulnerabilities fixed in Apple iTunes (X64) (12.7.5.9)Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 10.0Windows
Multiple Vulnerabilities are affected in IBM Aspera Shares 1.10.1Windows
Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.9.0Windows
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.6 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.5 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.4 Combo Update - Reboot AutomaticallyMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.3 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2Mac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.2 Combo UpdateMac
Multiple vulnerabilities are fixed in macOS High Sierra 10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13.1Mac
Multiple vulnerabilities are fixed in Security Update 2017-001 macOS High Sierra v10.13Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-306436Update for iCloud (7.0.1.210)
PATCH-308202iCloud (7.7.0.27)
PATCH-312688iCloud (7.17.0.13)
PATCH-306388Update for Apple iTunes X64 (12.7.0.166)
PATCH-306603Update for Apple iTunes X64 (12.7.1.14)
PATCH-306795Update for Apple iTunes X64 (12.7.2.58)
PATCH-306828Update for Apple iTunes X64 (12.7.2.60)
PATCH-307024Updates for Apple iTunes (X64) (12.7.3.46)
PATCH-307343Updates for Apple iTunes (X64) (12.7.4.76)
PATCH-307418Updates for Apple iTunes (X64) (12.7.4.80)
PATCH-307618Apple iTunes (X64) (12.7.5.9)
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601563macOS High Sierra 10.13.6 Combo Update - Reboot Automatically
PATCH-601562macOS High Sierra 10.13.6 - Reboot Automatically
PATCH-601312Security Update 2017-001 macOS High Sierra v10.13.1
PATCH-601345Security Update 2017-001 macOS High Sierra v10.13

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234