Vulnerabilities > CVE-2017-0663 - Out-of-bounds Write vulnerability in Google Android
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 8 |
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1813-1.NASL description This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) - CVE-2017-7375: Prevented an unwanted external entity reference (bsc#1044894) - CVE-2017-7376: Increase buffer space for port in HTTP redirect support (bsc#1044887) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101351 published 2017-07-10 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101351 title SUSE SLES11 Security Update : libxml2 (SUSE-SU-2017:1813-1) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1060.NASL description CVE-2017-0663 Invalid casting of different structs could enable an attacker to remotely execute some code within the context of an unprivileged process. CVE-2017-7376 Incorrect limit used for port values. For Debian 7 last seen 2020-03-17 modified 2017-08-21 plugin id 102595 published 2017-08-21 reporter This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102595 title Debian DLA-1060-1 : libxml2 security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1257.NASL description According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663) - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a last seen 2020-06-01 modified 2020-06-02 plugin id 117566 published 2018-09-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117566 title EulerOS Virtualization 2.5.1 : libxml2 (EulerOS-SA-2018-1257) NASL family SuSE Local Security Checks NASL id OPENSUSE-2017-754.NASL description This update for libxml2 fixes the following issues : Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) This update was imported from the SUSE:SLE-12-SP2:Update update project. last seen 2020-06-05 modified 2017-07-03 plugin id 101189 published 2017-07-03 reporter This script is Copyright (C) 2017-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/101189 title openSUSE Security Update : libxml2 (openSUSE-2017-754) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1258.NASL description According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663) - parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a last seen 2020-06-01 modified 2020-06-02 plugin id 117567 published 2018-09-18 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117567 title EulerOS Virtualization 2.5.0 : libxml2 (EulerOS-SA-2018-1258) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3424-1.NASL description It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-0663) It was discovered that libxml2 did not properly validate parsed entity references. An attacker could use this to specially construct XML data that could expose sensitive information. (CVE-2017-7375) It was discovered that a buffer overflow existed in libxml2 when handling HTTP redirects. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-7376) Marcel Bohme and Van-Thuan Pham discovered a buffer overflow in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service or possibly execute arbitrary code. (CVE-2017-9047) Marcel Bohme and Van-Thuan Pham discovered a buffer overread in libxml2 when handling elements. An attacker could use this to specially construct XML data that could cause a denial of service. (CVE-2017-9048) Marcel Bohme and Van-Thuan Pham discovered multiple buffer overreads in libxml2 when handling parameter-entity references. An attacker could use these to specially construct XML data that could cause a denial of service. (CVE-2017-9049, CVE-2017-9050). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 103327 published 2017-09-19 reporter Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/103327 title Ubuntu 14.04 LTS / 16.04 LTS / 17.04 : libxml2 vulnerabilities (USN-3424-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201711-01.NASL description The remote host is affected by the vulnerability described in GLSA-201711-01 (libxml2: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted XML document, could remotely execute arbitrary code, conduct XML External Entity (XXE) attacks, or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 104492 published 2017-11-10 reporter This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/104492 title GLSA-201711-01 : libxml2: Multiple vulnerabilities NASL family Huawei Local Security Checks NASL id EULEROS_SA-2018-1186.NASL description According to the version of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2018-07-03 plugin id 110850 published 2018-07-03 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110850 title EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1186) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3952.NASL description Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause a denial-of-service against the application, information leaks, or potentially, the execution of arbitrary code with the privileges of the user running the application. last seen 2020-06-01 modified 2020-06-02 plugin id 102685 published 2017-08-23 reporter This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/102685 title Debian DSA-3952-1 : libxml2 - security update NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2491.NASL description According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.(CVE-2017-0663) - libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567) - The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.(CVE-2017-8872) - libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer last seen 2020-05-08 modified 2019-12-04 plugin id 131644 published 2019-12-04 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131644 title EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-2491) NASL family SuSE Local Security Checks NASL id SUSE_SU-2017-1670-1.NASL description This update for libxml2 fixes the following issues: Security issues fixed : - CVE-2017-0663: Fixed a heap buffer overflow in xmlAddID (bsc#1044337) - CVE-2017-5969: Fixed a NULL pointer deref in xmlDumpElementContent (bsc#1024989) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 101056 published 2017-06-27 reporter This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/101056 title SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:1670-1)
References
- https://source.android.com/security/bulletin/2017-06-01
- http://www.securityfocus.com/bid/98877
- http://www.securitytracker.com/id/1038623
- http://www.debian.org/security/2017/dsa-3952
- https://security.gentoo.org/glsa/201711-01
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E