History: Dec 26, 2023 - 12:04 p.m.

Advisory ROSA-SA-2023-2319

2023-12-26 12:04:20
ROSA LAB
abf.rosalinux.ru

CVSS3: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score: 6.8
Confidence: Low

EPSS: 0.001
Percentile: 46.5%

software: libxml2 2.9.14
OS: ROSA-CHROME

package_evr_string: libxml2-2.9.14-4.src.rpm

CVE-ID: CVE-2023-28484
BDU-ID: 2023-03298
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xmlSchemaFixupComplexType function (xmlschemas.c) of the libxml2 library is caused by a NULL pointer dereference. Exploitation of the vulnerability allows a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libxml2

CVE-ID: CVE-2023-29469
BDU-ID: 2023-03302
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xmlDictComputeFastKey function (dict.c) of the libxml2 library is caused by a double-free (memory re-release) error when hashing empty dict strings. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: sudo dnf update libxml2

OS | OS Version | Architecture | Package | Package Version | Filename
ROSA | any | noarch | libxml2 | < 2.9.14 | UNKNOWN
