{"api_version":"1","generated_at":"2026-04-22T21:36:05+00:00","cve":"CVE-2017-9049","urls":{"html":"https://cve.report/CVE-2017-9049","api":"https://cve.report/api/cve/CVE-2017-9049.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-9049","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-9049"},"summary":{"title":"CVE-2017-9049","description":"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-05-18 06:29:00","updated_at":"2023-11-07 02:50:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/98601","name":"98601","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"libxml2 CVE-2017-9049 Heap Buffer Overflow Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E","name":"[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201711-01","name":"GLSA-201711-01","refsource":"GENTOO","tags":[],"title":"libxml2: Multiple vulnerabilities (GLSA 201711-01) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E","name":"[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2017/05/15/1","name":"http://www.openwall.com/lists/oss-security/2017/05/15/1","refsource":"MISC","tags":["Exploit","Mailing List","Patch","Third Party Advisory"],"title":"oss-security - Invalid writes and reads in libxml2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.debian.org/security/2017/dsa-3952","name":"DSA-3952","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-3952-1 libxml2","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E","name":"[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","refsource":"MLIST","tags":[],"title":"Pony Mail!","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E","name":"[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","refsource":"","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-9049","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9049","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"9049","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xmlsoft","cpe5":"libxml2","cpe6":"2.9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2017","cve_id":"9049","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"xmlsoft","cpe5":"libxml2","cpe6":"2.9.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2017-9049","qid":"591406","title":"Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)"},{"cve":"CVE-2017-9049","qid":"710359","title":"Gentoo Linux libxml2 Multiple Vulnerabilities (GLSA 201711-01)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-9049","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"DSA-3952","refsource":"DEBIAN","url":"http://www.debian.org/security/2017/dsa-3952"},{"name":"GLSA-201711-01","refsource":"GENTOO","url":"https://security.gentoo.org/glsa/201711-01"},{"name":"http://www.openwall.com/lists/oss-security/2017/05/15/1","refsource":"MISC","url":"http://www.openwall.com/lists/oss-security/2017/05/15/1"},{"name":"98601","refsource":"BID","url":"http://www.securityfocus.com/bid/98601"},{"refsource":"MLIST","name":"[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","url":"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"},{"refsource":"MLIST","name":"[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8","url":"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"}]}},"nvd":{"publishedDate":"2017-05-18 06:29:00","lastModifiedDate":"2023-11-07 02:50:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:xmlsoft:libxml2:2.9.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"9049","Ordinal":"105991","Title":"CVE-2017-9049","CVE":"CVE-2017-9049","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"9049","Ordinal":"1","NoteData":"libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"9049","Ordinal":"2","NoteData":"2017-05-18","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"9049","Ordinal":"3","NoteData":"2021-06-29","Type":"Other","Title":"Modified"}]}}}