CVE-2018-9251 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Denial of service
Description	A security issue has been found in libxml2 <= 2.9.8 compiled with LZMA support enabled, in the xz_decomp function in xzlib.c. This flaw allows a remote attacker to cause a denial of service via an infinite loop, using a crafted XML payload that triggers LZMA_MEMLIMIT_ERROR.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-673	lib32-libxml2	2.9.8-3	2.9.8-4	Medium	Fixed
AVG-672	libxml2	2.9.8-4	2.9.8-5	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
01 Oct 2018	ASA-201810-4	AVG-673	lib32-libxml2	Medium	denial of service
01 Oct 2018	ASA-201810-3	AVG-672	libxml2	Medium	denial of service

References
https://bugzilla.gnome.org/show_bug.cgi?id=794914 https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74