Vulnerability CVE-2018-14404


Published: 2018-07-19

Description:
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Type:

CWE-476

(NULL Pointer Dereference)

Vendor: Xmlsoft
Product: Libxml2 
Version: 2.9.8;
Vendor: Canonical
Product: Ubuntu linux 
Version:
18.04
16.04
14.04
12.04
Vendor: Debian
Product: Debian linux 

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
https://bugzilla.redhat.com/show_bug.cgi?id=1595985
https://gitlab.gnome.org/GNOME/libxml2/issues/10
https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
https://usn.ubuntu.com/3739-1/
https://usn.ubuntu.com/3739-2/

Related CVE
CVE-2012-4385
letodms 3.3.6 has CSRF via change password
CVE-2012-4384
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar
CVE-2011-0544
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.
CVE-2010-4533
offlineimap before 6.3.4 added support for SSL server certificate validation but it is still possible to use SSL v2 protocol, which is a flawed protocol with multiple security deficiencies.
CVE-2010-4532
offlineimap before 6.3.2 does not check for SSL server certificate validation when "ssl = yes" option is specified which can allow man-in-the-middle attacks.
CVE-2010-3844
An unchecked sscanf() call in ettercap 0.7.3 allows an insecure temporary settings file to overflow a static-sized buffer on the stack.
CVE-2010-3440
babiloo 2.0.9 before 2.0.11 creates temporary files with predictable names when downloading and unpacking dictionary files, allowing a local attacker to overwrite arbitrary files.
CVE-2010-3439
It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

Copyright 2019, cxsecurity.com

 

Back to Top