Description
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
References (7)
Core References
Issue Tracking, Patch, Third Party Advisory, VDB Entry x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=772726
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/lsh123/xmlsec/issues/43
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3739-1/
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201711-01
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94347
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/3739-2/
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Scores
CVSS v3: 5.5
EPSS: 0.0294
EPSS Percentile: 85.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-611
Status: published
Products (5)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
xmlsoft/libxml2 < 2.9.4
Published: Nov 16, 2016
Tracked Since: Feb 18, 2026