A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ubuntu_linux | Canonical | 12.04 (including) | 12.04 (including) |
| Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
| Ubuntu_linux | Canonical | 16.04 (including) | 16.04 (including) |
| Ubuntu_linux | Canonical | 18.04 (including) | 18.04 (including) |
| Debian_linux | Debian | - (including) | - (including) |
| JBoss Core Services Apache HTTP Server 2.4.29 SP2 | RedHat | libxml2 | * |
| Red Hat Ansible Tower 3.5 for RHEL 7 | RedHat | ansible-tower-35/ansible-tower:3.5.6-1 | * |
| Red Hat Ansible Tower 3.6 for RHEL 7 | RedHat | ansible-tower-36/ansible-tower:3.6.4-1 | * |
| Red Hat Enterprise Linux 7 | RedHat | libxml2-0:2.9.1-6.el7.4 | * |
| Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-7.el8 | * |
| Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-7.el8 | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | cockpit-ovirt-0:0.13.10-1.el7ev | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-release-virtualization-host-0:4.3.9-2.el7ev | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | redhat-virtualization-host-0:4.3.9-20200324.0.el7_8 | * |
| Libxml2 | Ubuntu | artful | * |
| Libxml2 | Ubuntu | bionic | * |
| Libxml2 | Ubuntu | devel | * |
| Libxml2 | Ubuntu | trusty | * |
| Libxml2 | Ubuntu | upstream | * |
| Libxml2 | Ubuntu | xenial | * |