Critical severity9.8NVD Advisory· Published Jun 29, 2017· Updated Jun 17, 2026
CVE-2017-10672
CVE-2017-10672
Description
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.
Affected products
16- cpe:2.3:a:xml-libxml_project:xml-libxml:*:*:*:*:*:perl:*:*Range: <=2.0129
- Range: <=2.0129
- osv-coords12 versionspkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/perl-XML-LibXML&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 2.0019-6.3.5+ 11 more
- (no CPE)range: < 2.0019-6.3.5
- (no CPE)range: < 2.0019-6.3.5
- (no CPE)range: < 1.66-3.3.1
- (no CPE)range: < 1.66-3.3.1
- (no CPE)range: < 1.66-3.3.1
- (no CPE)range: < 1.66-3.3.1
- (no CPE)range: < 2.0019-6.3.5
- (no CPE)range: < 2.0019-6.3.5
- (no CPE)range: < 2.0019-6.3.5
- (no CPE)range: < 1.66-3.3.1
- (no CPE)range: < 2.0019-6.3.5
- (no CPE)range: < 2.0019-6.3.5
Patches
Vulnerability mechanics
References
3- rt.cpan.org/Public/Bug/Display.htmlnvdExploitMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2017/11/msg00017.htmlnvdThird Party Advisory
- www.debian.org/security/2017/dsa-4042nvdThird Party Advisory
News mentions
0No linked articles in our index yet.