NULL Pointer Dereference in libxml2

Do your applications use this vulnerable package? Test your applications

Overview

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

References

CONFIRM
CVE Details
Debian Bug Report
Debian Security Announcement
Debian Security Tracker
MISC
MLIST
REDHAT
RedHat Bugzilla Bug
Ubuntu CVE Tracker
Ubuntu Security Advisory
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

CVE: CVE-2018-14404
CWE: CWE-476
Snyk ID: SNYK-DEBIAN9-LIBXML2-429564
Disclosed: 19 Jul, 2018
Published: 22 Jul, 2018

NULL Pointer Dereference
Affecting libxml2 package, versions <2.9.4+dfsg1-2.2+deb9u3

Overview

References

CVSS Score

NULL Pointer Dereference Affecting libxml2 package, versions <2.9.4+dfsg1-2.2+deb9u3

Overview

References

NULL Pointer Dereference
Affecting libxml2 package, versions <2.9.4+dfsg1-2.2+deb9u3