Vulnerability-Lookup

CVE-2017-5969 (GCVE-0-2017-5969)

Vulnerability from cvelistv5 – Published: 2017-04-11 16:00 – Updated: 2024-08-05 15:18 Disputed

Summary

libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://bugzilla.gnome.org/show_bug.cgi?id=778519	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2017/02/13/1	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2016/11/05/3	mailing-listx_refsource_MLIST
	https://security.gentoo.org/glsa/201711-01	vendor-advisoryx_refsource_GENTOO
	http://www.securityfocus.com/bid/96188	vdb-entryx_refsource_BID
	https://lists.debian.org/debian-lts-announce/2022…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:18:49.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
          },
          {
            "name": "[oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
          },
          {
            "name": "[oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
          },
          {
            "name": "GLSA-201711-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-01"
          },
          {
            "name": "96188",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96188"
          },
          {
            "name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-11-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-08T22:06:19.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
        },
        {
          "name": "[oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
        },
        {
          "name": "[oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
        },
        {
          "name": "GLSA-201711-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-01"
        },
        {
          "name": "96188",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96188"
        },
        {
          "name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-5969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=778519",
              "refsource": "MISC",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
            },
            {
              "name": "[oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
            },
            {
              "name": "[oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
            },
            {
              "name": "GLSA-201711-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-01"
            },
            {
              "name": "96188",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96188"
            },
            {
              "name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-5969",
    "datePublished": "2017-04-11T16:00:00.000Z",
    "dateReserved": "2017-02-12T00:00:00.000Z",
    "dateUpdated": "2024-08-05T15:18:49.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-293

Vulnerability from certfr_avis - Published: 2018-06-15 - Updated: 2018-06-15

De multiples vulnérabilités ont été découvertes dans Tenable Nessus Agent. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus Agent	Nessus Agent versions 7.0.3 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2018-09 du 14 juin 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Agent versions 7.0.3 et ant\u00e9rieures",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2015-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2017-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
    },
    {
      "name": "CVE-2015-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
    },
    {
      "name": "CVE-2017-7245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2014-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2017-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2016-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2018-0733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2014-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2017-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2015-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    }
  ],
  "initial_release_date": "2018-06-15T00:00:00",
  "last_revision_date": "2018-06-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-293",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nAgent. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Agent",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-09 du 14 juin 2018",
      "url": "https://www.tenable.com/security/tns-2018-09"
    }
  ]
}

CERTFR-2018-AVI-288

Vulnerability from certfr_avis - Published: 2018-06-14 - Updated: 2018-06-14

De multiples vulnérabilités ont été découvertes dans Tenable Nessus. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus	Nessus toutes versions antérieures à 7.1.1

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2018-08 du 13 juin 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus toutes versions ant\u00e9rieures \u00e0 7.1.1",
      "product": {
        "name": "Nessus",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2015-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2017-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
    },
    {
      "name": "CVE-2015-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
    },
    {
      "name": "CVE-2017-7245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2014-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2017-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2016-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2014-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2017-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2015-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    }
  ],
  "initial_release_date": "2018-06-14T00:00:00",
  "last_revision_date": "2018-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-288",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-08 du 13 juin 2018",
      "url": "https://www.tenable.com/security/tns-2018-08"
    }
  ]
}

CERTFR-2023-AVI-0499

Vulnerability from certfr_avis - Published: 2023-06-30 - Updated: 2023-06-30

De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus Network Monitor	Nessus Network Monitor versions antérieures à 6.2.2

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2023-23 du 29 juin 2023

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "Nessus Network Monitor",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2020-13871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
    },
    {
      "name": "CVE-2022-46908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46908"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2019-19317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19317"
    },
    {
      "name": "CVE-2020-24977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
    },
    {
      "name": "CVE-2012-5134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2022-27781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27781"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-9596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9596"
    },
    {
      "name": "CVE-2021-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
    },
    {
      "name": "CVE-2013-0338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2021-3537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
    },
    {
      "name": "CVE-2019-19244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19244"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2017-1000381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000381"
    },
    {
      "name": "CVE-2021-36690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
    },
    {
      "name": "CVE-2023-31124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
    },
    {
      "name": "CVE-2022-31160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2022-23395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23395"
    },
    {
      "name": "CVE-2022-4904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2019-19926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19926"
    },
    {
      "name": "CVE-2020-9327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
    },
    {
      "name": "CVE-2019-9936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9936"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2022-27776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27776"
    },
    {
      "name": "CVE-2022-42916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
    },
    {
      "name": "CVE-2020-35525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35525"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2017-15412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2013-1969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1969"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2010-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
    },
    {
      "name": "CVE-2022-27782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
    },
    {
      "name": "CVE-2019-19956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19956"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2016-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2015-8241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
    },
    {
      "name": "CVE-2016-3189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3189"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2011-3970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3970"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2012-2871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2871"
    },
    {
      "name": "CVE-2023-28484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28484"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2019-19925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19925"
    },
    {
      "name": "CVE-2019-11068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
    },
    {
      "name": "CVE-2012-2870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
    },
    {
      "name": "CVE-2022-22576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22576"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2019-19924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19924"
    },
    {
      "name": "CVE-2022-29824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
    },
    {
      "name": "CVE-2013-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2019-20388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20388"
    },
    {
      "name": "CVE-2019-13117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13117"
    },
    {
      "name": "CVE-2019-20218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20218"
    },
    {
      "name": "CVE-2023-31147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
    },
    {
      "name": "CVE-2018-14567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
    },
    {
      "name": "CVE-2015-7499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
    },
    {
      "name": "CVE-2023-29469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29469"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2022-27775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27775"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2017-5130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
    },
    {
      "name": "CVE-2019-8457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2015-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
    },
    {
      "name": "CVE-2022-27774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27774"
    },
    {
      "name": "CVE-2022-40303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2015-5312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2022-42915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42915"
    },
    {
      "name": "CVE-2019-19242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19242"
    },
    {
      "name": "CVE-2022-32221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2020-7595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7595"
    },
    {
      "name": "CVE-2016-2073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2073"
    },
    {
      "name": "CVE-2015-7497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
    },
    {
      "name": "CVE-2015-7941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7941"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-7942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7942"
    },
    {
      "name": "CVE-2015-8710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8710"
    },
    {
      "name": "CVE-2019-19880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19880"
    },
    {
      "name": "CVE-2015-7498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
    },
    {
      "name": "CVE-2015-8317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2021-3672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3672"
    },
    {
      "name": "CVE-2015-8242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2021-31239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31239"
    },
    {
      "name": "CVE-2016-9598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9598"
    },
    {
      "name": "CVE-2022-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
    },
    {
      "name": "CVE-2019-13118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13118"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2016-3709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3709"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2012-0841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
    },
    {
      "name": "CVE-2022-35737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
    },
    {
      "name": "CVE-2016-9597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9597"
    },
    {
      "name": "CVE-2015-8806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8806"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2019-19645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19645"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-5180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
    },
    {
      "name": "CVE-2013-2877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
    },
    {
      "name": "CVE-2021-45346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45346"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2021-3541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
    },
    {
      "name": "CVE-2018-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2021-30560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30560"
    },
    {
      "name": "CVE-2021-20227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
    },
    {
      "name": "CVE-2017-7376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2014-3660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2019-19923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19923"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2019-9937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9937"
    },
    {
      "name": "CVE-2019-5815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5815"
    },
    {
      "name": "CVE-2019-19959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19959"
    },
    {
      "name": "CVE-2019-19603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19603"
    },
    {
      "name": "CVE-2011-1202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1202"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2020-35527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35527"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2021-3518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2016-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    },
    {
      "name": "CVE-2013-4520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
    }
  ],
  "initial_release_date": "2023-06-30T00:00:00",
  "last_revision_date": "2023-06-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0499",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nNetwork Monitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Network Monitor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2023-23 du 29 juin 2023",
      "url": "https://www.tenable.com/security/tns-2023-23"
    }
  ]
}

FKIE_CVE-2017-5969

Vulnerability from fkie_nvd - Published: 2017-04-11 16:59 - Updated: 2025-04-20 01:37

Severity ?

4.7 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2016/11/05/3	Mailing List, Third Party Advisory
cve@mitre.org	http://www.openwall.com/lists/oss-security/2017/02/13/1	Mailing List, Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/96188	Third Party Advisory, VDB Entry
cve@mitre.org	https://bugzilla.gnome.org/show_bug.cgi?id=778519	Issue Tracking, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
cve@mitre.org	https://security.gentoo.org/glsa/201711-01
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2016/11/05/3	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2017/02/13/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96188	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.gnome.org/show_bug.cgi?id=778519	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201711-01

Impacted products

	Vendor	Product	Version
	xmlsoft	libxml2	2.9.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "430C1FDF-1239-4FF2-B5A4-8CED209B8036",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
    },
    {
      "lang": "es",
      "value": "** DISPUTADO ** libxml2 2.9.4, cuando se utiliza en el modo de recuperaci\u00f3n, permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (referencia de puntero NULL) por medio de un documento XML manipulado. NOTA: El mantenedor declara que \"no estar\u00eda de acuerdo con un CVE con la opci\u00f3n de an\u00e1lisis de recuperaci\u00f3n que s\u00f3lo deber\u00eda utilizarse para la recuperaci\u00f3n manual al menos para el analizador de XML\"."
    }
  ],
  "id": "CVE-2017-5969",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-11T16:59:00.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96188"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201711-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201711-01"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2017-02053

Vulnerability from cnvd - Published: 2017-02-26

Title

libxml2空指针引用拒绝服务漏洞

Description

Libxml2是GNOME项目组所研发的一个基于C语言的用来解析XML文档的函数库。 libxml2存在拒绝服务漏洞。攻击者可利用漏洞造成拒绝服务。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://xmlsoft.org/index.html

Reference

http://www.securityfocus.com/bid/96188

Impacted products

Name
libxml2 libxml2 2.2.9.4

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "96188"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-5969",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969"
    }
  },
  "description": "Libxml2\u662fGNOME\u9879\u76ee\u7ec4\u6240\u7814\u53d1\u7684\u4e00\u4e2a\u57fa\u4e8eC\u8bed\u8a00\u7684\u7528\u6765\u89e3\u6790XML\u6587\u6863\u7684\u51fd\u6570\u5e93\u3002\r\n\r\nlibxml2\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Henri Salo",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://xmlsoft.org/index.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-02053",
  "openTime": "2017-02-26",
  "products": {
    "product": "libxml2 libxml2 2.2.9.4"
  },
  "referenceLink": "http://www.securityfocus.com/bid/96188",
  "serverity": "\u4e2d",
  "submitTime": "2017-02-17",
  "title": "libxml2\u7a7a\u6307\u9488\u5f15\u7528\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-FH2X-V9FW-7V49

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2022-05-13 01:02

Details

** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."

Severity ?

4.7 (Medium)


                  
                    CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-5969"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-476"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-11T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",
  "id": "GHSA-fh2x-v9fw-7v49",
  "modified": "2022-05-13T01:02:39Z",
  "published": "2022-05-13T01:02:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5969"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201711-01"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96188"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2017-5969

Vulnerability from fstec - Published: 12.02.2017

Title

Уязвимость библиотеки Libxml2, связанная с ошибками разыменования указателя, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость библиотеки Libxml2 связана с ошибками разыменования указателя. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО «Концерн ВНИИНС»

Software Name

Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), libxml2, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177)

Software Version

9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 2.9.4 (libxml2), до 16.01.2023 (ОС ОН «Стрелец»)

Possible Mitigations

Для Libxml2: использование рекомендаций производителя: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882 Для Debian: использование рекомендаций производителя: https://security-tracker.debian.org/tracker/CVE-2017-5969 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»: обновить пакет libxml2 до 2.9.4+dfsg1-2.2+deb9u7+ci202211281307+astra1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 Для ОС ОН «Стрелец»: Обновление программного обеспечения libxml2 до версии 2.9.4+dfsg1-2.2+deb9u7

Reference

https://bugzilla.gnome.org/show_bug.cgi?id=778519 https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882 https://nvd.nist.gov/vuln/detail/CVE-2017-5969 https://security-tracker.debian.org/tracker/CVE-2017-5969 https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 https://www.openwall.com/lists/oss-security/2016/11/05/3 https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023

CWE

CWE-476

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 2.9.4 (libxml2), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f Libxml2:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882\n\n\u0414\u043b\u044f Debian:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://security-tracker.debian.org/tracker/CVE-2017-5969\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 libxml2 \u0434\u043e 2.9.4+dfsg1-2.2+deb9u7+ci202211281307+astra1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f libxml2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.9.4+dfsg1-2.2+deb9u7",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.02.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "21.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "20.01.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00218",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-5969",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), libxml2, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Libxml2, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Libxml2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://bugzilla.gnome.org/show_bug.cgi?id=778519\nhttps://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-5969\nhttps://security-tracker.debian.org/tracker/CVE-2017-5969\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\nhttps://www.openwall.com/lists/oss-security/2016/11/05/3\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-476",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

GSD-2017-5969

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-5969

Aliases

CVE-2017-5969

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-5969",
    "description": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",
    "id": "GSD-2017-5969",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-5969.html",
      "https://advisories.mageia.org/CVE-2017-5969.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-5969"
      ],
      "details": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\"",
      "id": "GSD-2017-5969",
      "modified": "2023-12-13T01:21:13.508671Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-5969",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.gnome.org/show_bug.cgi?id=778519",
            "refsource": "MISC",
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
          },
          {
            "name": "[oss-security] 20170213 CVE-2017-5969: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
          },
          {
            "name": "[oss-security] 20161105 CVE request: Null pointer derefence parsing xml file using libxml 2.9.4 (in recover mode)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
          },
          {
            "name": "GLSA-201711-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201711-01"
          },
          {
            "name": "96188",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96188"
          },
          {
            "name": "[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "430C1FDF-1239-4FF2-B5A4-8CED209B8036",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document.  NOTE: The maintainer states \"I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser."
          },
          {
            "lang": "es",
            "value": "** DISPUTADO ** libxml2 2.9.4, cuando se utiliza en el modo de recuperaci\u00f3n, permite a los atacantes remotos provocar una denegaci\u00f3n de servicio (referencia de puntero NULL) por medio de un documento XML manipulado. NOTA: El mantenedor declara que \"no estar\u00eda de acuerdo con un CVE con la opci\u00f3n de an\u00e1lisis de recuperaci\u00f3n que s\u00f3lo deber\u00eda utilizarse para la recuperaci\u00f3n manual al menos para el analizador de XML\"."
          }
        ],
        "id": "CVE-2017-5969",
        "lastModified": "2024-04-11T00:58:56.197",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "LOW",
              "cvssData": {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 2.6,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 4.9,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV30": [
            {
              "cvssData": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.0"
              },
              "exploitabilityScore": 1.0,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2017-04-11T16:59:00.343",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2016/11/05/3"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2017/02/13/1"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/96188"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=778519"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://security.gentoo.org/glsa/201711-01"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-476"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-5969 (GCVE-0-2017-5969)

Solution

Solution

Solution

Tags

Sightings

Nomenclature