In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Affected configurations

NVD

Node

xmlsoftlibxml2Range<2.10.4

Node

debiandebian_linuxMatch10.0

References

gitlab.gnome.org/GNOME/libxml2/-/issues/491

gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

lists.debian.org/debian-lts-announce/2023/04/msg00031.html

security.netapp.com/advisory/ntap-20230601-0006/

security.netapp.com/advisory/ntap-20240201-0005/

alpinelinux 1

osv 8

debiancve 1

prion 1

cvelist 1

ubuntucve 1

ibm 11

veracode 1

f5 1

cve 1

cbl_mariner 1

redhatcve 1

nessus 53

oraclelinux 2

rosalinux 2

openvas 28

github 1

fedora 2

redos 1

redhat 46

rocky 1

ubuntu 2

aix 1

freebsd 1

debian 2

almalinux 2

cloudfoundry 1

amazon 2

photon 3

mageia 1

slackware 1

gentoo 1

ics 4

tenable 1

oracle 3

alpinelinux

CVE-2023-28484

2023-04-24 21:15:09

osv

CVE-2023-28484

2023-04-24 21:15:09

libxml2 vulnerabilities

2023-04-19 13:42:53

libxml2 - security update

2023-04-30 00:00:00

debiancve

CVE-2023-28484

2023-04-24 21:15:09

prion

Null pointer dereference

2023-04-24 21:15:00

cvelist

CVE-2023-28484

2023-04-24 00:00:00

ubuntucve

CVE-2023-28484

2023-04-12 00:00:00

ibm

Security Bulletin: CVE-2023-28484 may affect IBM CICS TX Advanced 10.1

2023-06-08 16:41:16

Security Bulletin: Vulnerabilities in libxml2 library (CVE-2023-28484, CVE-2023-29469) affect Power HMC.

2024-04-16 17:05:35

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2023-29469 and CVE-2023-28484)

2023-10-11 19:02:33

veracode

Denial Of Service (DoS)

2023-04-25 08:12:01

K000139641: libxml2 vulnerability CVE-2023-28484

2024-05-17 00:00:00

cve

CVE-2023-28484

2023-04-24 21:15:09

cbl_mariner

CVE-2023-28484 affecting package libxml2 for versions less than 2.10.4-1

2023-08-03 02:51:21

redhatcve

CVE-2023-28484

2023-04-11 19:29:40

nessus

F5 Networks BIG-IP : libxml2 vulnerability (K000139641)

2024-05-17 00:00:00

Fedora 38 : libxml2 (2023-a521b917c8)

2023-04-18 00:00:00

Debian DSA-5391-1 : libxml2 - security update

2023-04-21 00:00:00

oraclelinux

libxml2 security update

2023-08-02 00:00:00

libxml2 security update

2023-08-10 00:00:00

rosalinux

Advisory ROSA-SA-2024-2321

2024-01-09 09:53:22

Advisory ROSA-SA-2023-2319

2023-12-26 12:04:20

openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2504)

2023-08-01 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2527)

2023-08-01 00:00:00

SUSE: Security Advisory (SUSE-SU-2023:2054-1)

2023-04-28 00:00:00

github

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

2023-04-11 21:48:01

fedora

[SECURITY] Fedora 38 Update: libxml2-2.10.4-1.fc38

2023-04-18 01:40:06

[SECURITY] Fedora 37 Update: libxml2-2.10.4-1.fc37

2023-04-18 01:32:12

redos

ROS-20230616-04

2023-06-16 00:00:00

redhat

(RHSA-2023:4529) Moderate: libxml2 security update

2023-08-08 07:21:37

(RHSA-2023:4349) Moderate: libxml2 security update

2023-08-01 07:58:11

(RHSA-2024:0413) Moderate: libxml2 security update

2024-01-24 14:40:23

rocky

libxml2 security update

2023-10-06 23:10:01

ubuntu

libxml2 vulnerabilities

2023-04-19 00:00:00

libxml2 vulnerabilities

2023-06-07 00:00:00

aix

AIX is vulnerable to a denial of service due to libxml2

2023-07-25 11:08:32

freebsd

libxml2 -- multiple vulnerabilities

2023-04-11 00:00:00

debian

[SECURITY] [DSA 5391-1] libxml2 security update

2023-04-20 20:45:49

[SECURITY] [DLA 3405-1] libxml2 security update

2023-04-30 11:00:47

almalinux

Moderate: libxml2 security update

2023-08-01 00:00:00

Moderate: libxml2 security update

2023-08-08 00:00:00

cloudfoundry

USN-6028-1: libxml2 vulnerabilities | Cloud Foundry

2023-04-29 00:00:00

amazon

Medium: libxml2

2023-04-27 18:36:00

Medium: libxml2

2023-04-27 16:19:00

photon

Moderate Photon OS Security Update - PHSA-2023-3.0-0569

2023-04-23 00:00:00

Moderate Photon OS Security Update - PHSA-2023-5.0-0001

2023-05-02 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0380

2023-04-25 00:00:00

mageia

Updated libxml2 packages fix security vulnerability

2023-05-06 21:19:07

slackware

[slackware-security] libxml2

2023-12-10 01:15:09

gentoo

libxml2: Multiple Vulnerabilities

2024-02-09 00:00:00

ics

Siemens SIMATIC and SIPLUS

2024-06-13 12:00:00

Siemens ST7 ScadaConnect

2024-06-13 12:00:00

Siemens Telecontrol Server Basic

2024-04-11 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for NVD:CVE-2023-28484

alpinelinux1 osv8 debiancve1 prion1 cvelist1 ubuntucve1 ibm11 veracode1 f51 cve1 cbl_mariner1 redhatcve1 nessus53 oraclelinux2 rosalinux2 openvas28 github1 fedora2 redos1 redhat46 rocky1 ubuntu2 aix1 freebsd1 debian2 almalinux2 cloudfoundry1 amazon2 photon3 mageia1 slackware1 gentoo1 ics4 tenable1 oracle3