CVE-2017-10672
PUBLISHED
Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.
Risk Scores
EPSS Score: 10.05% (93.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | libxml-libxml-perl | *, 2.0010+dfsg-1, 2.0107+dfsg-1 |
| Ubuntu:16.04:LTS | libxml-libxml-perl | 2.0116+dfsg-5, 2.0122+dfsg-1, 2.0123+dfsg-1 |
Exploit Intelligence
- https://rt.cpan.org/Public/Bug/Display.html?id=122246 (nist-nvd)
- Use-after-free in XML::LibXML::Node::replaceChild (hackerone)
- DSA-4042 (circl)
- [debian-lts-announce] 20171114 [SECURITY] [DLA 1171-1] libxml-libxml-perl security update (circl)
Timeline
- CVE Published
- Sep 16, 2017 PoC Published
- Apr 14, 2021 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 14, 2023 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- Apr 3, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-10672 third-party-advisory
- https://ubuntu.com/security/notices/USN-3494-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-10672 third-party-advisory