---

CVE-2017-18258 - log back

CVE-2017-18258 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Denial of service
Description	+ A security issue has been found in libxml2 <= 2.9.6 compiled with LZMA support enabled, in the xz_head function in xzlib.c. This flaw allows a remote attacker to cause a denial of service via unbounded memory consumption, using a crafted XML payload.
References	+ https://bugzilla.gnome.org/show_bug.cgi?id=786696 + https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
Notes