Medium severity6.5NVD Advisory· Published Apr 8, 2018· Updated Jun 17, 2026
CVE-2017-18258
CVE-2017-18258
Description
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.8.2 | 1.8.2 |
Affected products
8- ghsa-coords8 versionspkg:gem/nokogiripkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 1.8.2+ 7 more
- (no CPE)range: < 1.8.2
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
Patches
Vulnerability mechanics
References
11- git.gnome.org/browse/libxml2/commit/nvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-882p-jqgm-f45gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-18258ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-18258.ymlghsaWEB
- kc.mcafee.com/corporate/indexnvdWEB
- lists.debian.org/debian-lts-announce/2018/09/msg00035.htmlnvdWEB
- lists.debian.org/debian-lts-announce/2020/09/msg00009.htmlnvdWEB
- security.netapp.com/advisory/ntap-20190719-0001ghsaWEB
- usn.ubuntu.com/3739-1ghsaWEB
- security.netapp.com/advisory/ntap-20190719-0001/nvd
- usn.ubuntu.com/3739-1/nvd
News mentions
0No linked articles in our index yet.