A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | libxml2 | 2018-09-05 19:31 | ALAS-2018-1072 |
Amazon Linux 1 | libxml2 | 2020-08-10 22:59 | ALAS-2020-1415 |
Amazon Linux 2 - Core | libxml2 | 2020-07-21 16:34 | ALAS2-2020-1466 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |