CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
78.7%
software: libxml2 2.9.14
OS: ROSA-CHROME
package_evr_string: libxml2-2.9.14-5
CVE-ID: CVE-2023-45322
BDU-ID: 2023-06827
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xmlUnlinkNode function (tree.c) of the libxml2 library is related to memory usage after it is freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libxml2
CVE-ID: CVE-2022-2309
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Dereferencing a NULL pointer allows attackers to cause a denial of service (or application crash). This is only applicable when lxml is used in conjunction with libxml2. This allows failures to be caused via spoofed input, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code should not be widely used, given that parsing + iterwalk are usually replaced by the more efficient iterparse function. However, for example, an XML converter that serializes to C14N would also be vulnerable, and there are legitimate uses for this code sequence. If untrusted input data is received (also remotely) and processed using the iterwalk function, a crash may be caused.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libxml2
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
EPSS
Percentile
78.7%