Description
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.
A flaw was found in libxml2. In the affected versions of libxml2, the SAX parser can generate events for external entities even when custom SAX handlers try to override the entity content by setting the entity's "checked" member. This vulnerability allows classic XML External Entity (XXE) attacks.
Statement
This vulnerability is marked as critical severity instead of important due to its potential to completely compromise system security. By exploiting the XXE vulnerability, an attacker can achieve arbitrary file disclosure (e.g., reading /etc/passwd), which exposes sensitive system information and credentials.
In worst-case scenarios, the flaw can lead to Remote Code Execution (RCE) in misconfigured environments or cause a Denial of Service (DoS) through resource exhaustion. The issue is especially critical because it stems from a broken protection mechanism (due to the renaming of the "checked" member): downstream applications that rely on overriding entity content in their SAX handlers are left vulnerable without any indication that the protection no longer works.
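Because the handler-level entity override described above is bypassed in affected versions, an application cannot rely on SAX callbacks alone to block external entities. The following is an added example, not code from this advisory or from libxml2: a pre-parse gate that flags documents declaring external entities or an external DTD subset before they are handed to the parser, assuming untrusted XML arrives as text and that constructed samples stand in for real input.

```python
import re

# DOCTYPE declaration with an optional internal subset in [...].
_DOCTYPE_RE = re.compile(r"<!DOCTYPE\b(?P<head>[^\[>]*)(?:\[(?P<subset>.*?)\]\s*)?>", re.S)
_COMMENT_RE = re.compile(r"<!--.*?-->", re.S)
# Entity declaration (general or parameter) whose value is an external identifier.
_EXT_ENTITY_RE = re.compile(r"<!ENTITY\s+(?P<pe>%\s+)?(?P<name>\S+)\s+(?:SYSTEM|PUBLIC)\b")
_EXT_ID_RE = re.compile(r"\b(?:SYSTEM|PUBLIC)\b")


def external_entity_findings(xml_text: str) -> list:
    """Return human-readable reasons the document pulls in external content.

    Returns [] for documents with no DOCTYPE or with only internal entities;
    those cannot trigger external entity resolution. Comments are stripped
    first so a commented-out DOCTYPE does not cause a false positive.
    """
    findings = []
    m = _DOCTYPE_RE.search(_COMMENT_RE.sub("", xml_text))
    if not m:
        return findings
    if _EXT_ID_RE.search(m.group("head")):
        findings.append("DOCTYPE references an external DTD subset")
    for ent in _EXT_ENTITY_RE.finditer(m.group("subset") or ""):
        kind = "parameter" if ent.group("pe") else "general"
        findings.append(f"external {kind} entity '{ent.group('name')}'")
    return findings


def is_safe_to_parse(xml_text: str) -> bool:
    """Gate to call before xmlReadMemory/xmlParseDocument-style APIs."""
    return not external_entity_findings(xml_text)


# Constructed samples (hypothetical, not taken from the advisory).
XXE_SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE data [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<data>&xxe;</data>"""
PE_SAMPLE = """<!DOCTYPE data [ <!ENTITY % ext SYSTEM "http://dtd.example.invalid/x.dtd"> %ext; ]><data/>"""
EXT_DTD_SAMPLE = """<!DOCTYPE data SYSTEM "http://dtd.example.invalid/data.dtd"><data/>"""
CLEAN_SAMPLE = """<!DOCTYPE note [ <!ENTITY greet "hello"> ]><note>&greet;</note>"""
```

The gate is deliberately conservative: an external DTD subset is flagged even though it may be harmless, because entity declarations inside it are invisible to this check.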
Mitigation
Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria of ease of use and deployment, applicability to a widespread installation base, or stability.
Affected Packages
Platform | Package | State | Errata | Release
---|---|---|---|---
Red Hat Enterprise Linux 10 | mysql8.4 | Not affected | |
Red Hat Enterprise Linux 6 | libxml2 | Not affected | |
Red Hat Enterprise Linux 6 | mysql | Not affected | |
Red Hat Enterprise Linux 7 | libxml2 | Not affected | |
Red Hat Enterprise Linux 8 | libxml2 | Not affected | |
Red Hat Enterprise Linux 8 | mysql:8.0/mysql | Will not fix | |
Red Hat Enterprise Linux 9 | libxml2 | Not affected | |
Red Hat Enterprise Linux 9 | mysql | Will not fix | |
Red Hat Enterprise Linux 9 | mysql:8.4/mysql | Not affected | |
Red Hat JBoss Core Services | libxml2 | Not affected | |
Additional information
CVSS3 base score: 9.1 (Critical)