Description
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.
Affected packages
Platform | Package | Status | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | | |
Red Hat Enterprise Linux 7 | libxml2 | Out of support scope | | |
Red Hat Enterprise Linux 8 | libxml2 | Fixed | RHSA-2024:0119 | 10.01.2024 |
Red Hat Enterprise Linux 8.6 Extended Update Support | libxml2 | Fixed | RHSA-2024:0413 | 25.01.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | libxml2 | Fixed | RHSA-2023:7544 | 28.11.2023 |
Red Hat Enterprise Linux 9 | libxml2 | Fixed | RHSA-2023:7747 | 12.12.2023 |
Red Hat OpenShift Container Platform 4.13 | openshift4-wincw/windows-machine-config-operator-bundle | Fixed | RHSA-2024:1477 | 25.03.2024 |
Red Hat OpenShift Container Platform 4.13 | openshift4-wincw/windows-machine-config-rhel9-operator | Fixed | RHSA-2024:1477 | 25.03.2024 |
Additional information
Status:
EPSS
CVSS3: 6.5 Medium