Alpaquita Linux
Security Advisory

CVE-2017-1000061

Published: July 17, 2017Last modified: November 9, 2023

Description

xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service

Severity score breakdown

ParameterValue
Base score7.1
Attack VectorLOCAL
Attack complexityLOW
Privileges requiredNONE
User interactionREQUIRED
ScopeUNCHANGED
ConfidentialityHIGH
Integrity impactNONE
Availability impactHIGH
VectorCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSxmlsecNot affected (1.2.36-r0)
StreamxmlsecNot affected (1.2.36-r0)

References

ON THIS PAGE