High severity7.5NVD Advisory· Published Nov 23, 2017· Updated Jun 17, 2026
CVE-2017-16932
CVE-2017-16932
Description
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.8.1 | 1.8.1 |
Affected products
34- ghsa-coords33 versionspkg:gem/nokogiripkg:rpm/suse/libxml2&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/libxml2&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/libxml2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/libxml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/libxml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-libxml2&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-libxml2&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-libxml2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-libxml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-libxml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 1.8.1+ 32 more
- (no CPE)range: < 1.8.1
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
- (no CPE)range: < 2.9.4-46.54.3
Patches
Vulnerability mechanics
References
17- github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961nvdPatchThird Party AdvisoryWEB
- xmlsoft.org/news.htmlnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-x2fm-93ww-ggvxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-16932ghsaADVISORY
- blog.clamav.net/2018/07/clamav-01001-has-been-released.htmlnvdWEB
- bugzilla.gnome.org/show_bug.cginvdPermissions RequiredWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.ymlghsaWEB
- github.com/sparklemotion/nokogiri/issues/1714ghsaWEB
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3EnvdWEB
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3EnvdWEB
- lists.debian.org/debian-lts-announce/2017/11/msg00041.htmlnvdWEB
- lists.debian.org/debian-lts-announce/2022/04/msg00004.htmlnvdWEB
- usn.ubuntu.com/3739-1ghsaWEB
- gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961nvd
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Envd
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Envd
- usn.ubuntu.com/3739-1/nvd
News mentions
0No linked articles in our index yet.