CVE-2023-28484

Опубликовано: 24 апр. 2023

Источник: debian

EPSS Низкий

Описание

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libxml2	fixed	2.9.14+dfsg-1.2		package

Примечания

https://bugzilla.redhat.com/show_bug.cgi?id=2185994
Related (but not strictly part of the CVE): https://gitlab.gnome.org/GNOME/libxml2/-/commit/4c6922f763ad958c48ff66f82823ae21f2e92ee6 (v2.10.4)
Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f (v2.10.4)

EPSS

Процентиль: 49%

0.00263

Низкий

Связанные уязвимости

CVE-2023-28484

CVSS3: 6.5

ubuntu

около 2 лет назад

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

CVE-2023-28484

CVSS3: 5.9

redhat

около 2 лет назад

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

CVE-2023-28484

CVSS3: 6.5

nvd

около 2 лет назад

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

CVE-2023-28484

CVSS3: 6.5

msrc

около 2 лет назад

Описание отсутствует

GHSA-7cv2-wjgm-j7rm

CVSS3: 6.5

github

около 2 лет назад

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

EPSS

Процентиль: 49%

0.00263

Низкий