gsd-2017-15412
Vulnerability from gsd
Modified
2018-01-29 00:00
Details
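The version of libxml2 packaged with Nokogiri contains a vulnerability. Nokogiri has mitigated this issue by upgrading to libxml 2.9.6. It was discovered that libxml2 incorrectly handled certain files. An attacker could use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. Note that the CVE-2017-15412 record reproduced below classifies the underlying libxml2 flaw as a use after free (CWE-416, CVSS v3 base score 8.8) with potential heap corruption, so triage should not assume the impact is limited to denial of service; the advisory data lists Nokogiri 1.8.2 and later as patched.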
Aliases
CVE-2017-15412



{
  "GSD": {
    "alias": "CVE-2017-15412",
    "description": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
    "id": "GSD-2017-15412",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-15412.html",
      "https://www.debian.org/security/2018/dsa-4086",
      "https://access.redhat.com/errata/RHBA-2020:1540",
      "https://access.redhat.com/errata/RHBA-2020:1539",
      "https://access.redhat.com/errata/RHSA-2020:1190",
      "https://access.redhat.com/errata/RHSA-2018:0287",
      "https://access.redhat.com/errata/RHSA-2017:3401",
      "https://ubuntu.com/security/CVE-2017-15412",
      "https://advisories.mageia.org/CVE-2017-15412.html",
      "https://security.archlinux.org/CVE-2017-15412",
      "https://alas.aws.amazon.com/cve/html/CVE-2017-15412.html",
      "https://linux.oracle.com/cve/CVE-2017-15412.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "nokogiri",
            "purl": "pkg:gem/nokogiri"
          }
        }
      ],
      "aliases": [
        "CVE-2017-15412"
      ],
      "details": "The version of libxml2 packaged with Nokogiri contains a\nvulnerability. Nokogiri has mitigated this issue by upgrading to\nlibxml 2.9.6.\n\nIt was discovered that libxml2 incorrectly handled certain files. An attacker\ncould use this issue with specially constructed XML data to cause libxml2 to\nconsume resources, leading to a denial of service.\n",
      "id": "GSD-2017-15412",
      "modified": "2018-01-29T00:00:00.000Z",
      "published": "2018-01-29T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/sparklemotion/nokogiri/issues/1714"
        },
        {
          "type": "WEB",
          "url": "https://usn.ubuntu.com/usn/usn-3513-1/"
        },
        {
          "type": "WEB",
          "url": "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html"
        }
      ],
      "related": [
        "CVE-2017-18258"
      ],
      "schema_version": "1.4.0",
      "summary": "Nokogiri gem, via libxml, is affected by DoS vulnerabilities"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@google.com",
        "ID": "CVE-2017-15412",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Google Chrome prior to 63.0.3239.84 unknown",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Google Chrome prior to 63.0.3239.84 unknown"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use After Free"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1040348",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1040348"
          },
          {
            "name": "https://crbug.com/727039",
            "refsource": "MISC",
            "url": "https://crbug.com/727039"
          },
          {
            "name": "https://bugzilla.gnome.org/show_bug.cgi?id=783160",
            "refsource": "MISC",
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=783160"
          },
          {
            "name": "DSA-4086",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2018/dsa-4086"
          },
          {
            "name": "RHSA-2018:0287",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0287"
          },
          {
            "name": "[debian-lts-announce] 20171218 [SECURITY] [DLA 1211-1] libxml2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html"
          },
          {
            "name": "RHSA-2017:3401",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:3401"
          },
          {
            "name": "GLSA-201801-03",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201801-03"
          },
          {
            "name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
          }
        ]
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2017-15412",
      "date": "2018-01-29",
      "description": "The version of libxml2 packaged with Nokogiri contains a\nvulnerability. Nokogiri has mitigated this issue by upgrading to\nlibxml 2.9.6.\n\nIt was discovered that libxml2 incorrectly handled certain files. An attacker\ncould use this issue with specially constructed XML data to cause libxml2 to\nconsume resources, leading to a denial of service.\n",
      "gem": "nokogiri",
      "patched_versions": [
        "\u003e= 1.8.2"
      ],
      "related": {
        "cve": [
          "2017-18258"
        ],
        "url": [
          "https://usn.ubuntu.com/usn/usn-3513-1/",
          "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html"
        ]
      },
      "title": "Nokogiri gem, via libxml, is affected by DoS vulnerabilities",
      "url": "https://github.com/sparklemotion/nokogiri/issues/1714"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.8.2",
          "affected_versions": "All versions before 1.8.2",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-416",
            "CWE-937"
          ],
          "date": "2018-10-25",
          "description": "The libxml2 binary, which is included in nokogiri, incorrectly handles certain files. An attacker can use this issue with specially constructed XML data to cause libxml2 to consume resources, leading to a denial of service. ",
          "fixed_versions": [
            "1.8.2"
          ],
          "identifier": "CVE-2017-15412",
          "identifiers": [
            "CVE-2017-15412"
          ],
          "not_impacted": "All versions starting from 1.8.2",
          "package_slug": "gem/nokogiri",
          "pubdate": "2018-08-28",
          "solution": "Upgrade to version 1.8.2 or above.",
          "title": "Denial of Service",
          "urls": [
            "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412",
            "https://github.com/sparklemotion/nokogiri/issues/1714",
            "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-15412.html"
          ],
          "uuid": "78658378-bd8f-4d79-81c8-07c419302426"
        },
        {
          "affected_range": "(,2.9.5)",
          "affected_versions": "All versions before 2.9.5",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-416",
            "CWE-937"
          ],
          "date": "2018-10-25",
          "description": "Use after free in libxml2, as used in Google Chrome and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
          "fixed_versions": [],
          "identifier": "CVE-2017-15412",
          "identifiers": [
            "CVE-2017-15412"
          ],
          "not_impacted": "",
          "package_slug": "nuget/libxml2",
          "pubdate": "2018-08-28",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Use After Free",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-15412"
          ],
          "uuid": "b349ada1-665e-497a-b7e6-42f6e68e3fc5"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "63.0.3239.84",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.9.5",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2017-15412"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://crbug.com/727039",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://crbug.com/727039"
            },
            {
              "name": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=783160",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=783160"
            },
            {
              "name": "DSA-4086",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4086"
            },
            {
              "name": "GLSA-201801-03",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201801-03"
            },
            {
              "name": "[debian-lts-announce] 20171218 [SECURITY] [DLA 1211-1] libxml2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html"
            },
            {
              "name": "RHSA-2018:0287",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0287"
            },
            {
              "name": "RHSA-2017:3401",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3401"
            },
            {
              "name": "1040348",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1040348"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-25T11:35Z",
      "publishedDate": "2018-08-28T19:29Z"
    }
  }
}





