Main Vulnerability Database SB2018090705

SB2018090705 - Amazon Linux AMI update for libxml2

Published: September 7, 2018 Updated: April 12, 2023

Security Bulletin ID SB2018090705

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Null pointer dereference (CVE-ID: CVE-2018-14404)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the xmlXPathCompOpEval() function, as defined in the path.c source code file due to improper parsing of invalid XPath expressions in the XPATH_OP_AND and XPATH_OP_OR cases. A remote attacker can send a specially crafted request that submits malicious input to an application that is using the affected library, trigger a NULL pointer dereference and cause the application to crash.

Remediation

Install update from vendor's website.

References

https://alas.aws.amazon.com/ALAS-2018-1072.html