CVE-2023-45322
The CVE-2023-45322 issue affects libxml2 up to version 2.11.5, with a use-after-free in xmlUnlinkNode (tree.c) that requires a failing memory allocation to trigger. Affected products include libxml2 libraries used in multiple distributions (Debian, Amazon Linux, Gentoo, CBLMariner, Astra Linux, e...
CVE-2023-45322
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when...
PT-2023-36055 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 4 crash type. The crash state involves several functions: xmlStaticCopyNode, xmlDocCopyNode, and...
PT-2023-6121 · Libxml2 +4 · Libxml2 +4
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.11.5 and earlier. Description: The issue is related to a use-after-free vulnerability in the xmlUnlinkNode function, located in tree.c, which can occur after a certain memory allocation fails. This could potentially allow a...
Rocky Linux 8 : libxml2 (RLSA-2023:4529)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4529 advisory. - In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in...
Amazon Linux AMI : libxml2 (ALAS-2023-1841)
The version of libxml2 installed on the remote host is prior to 2.9.1-6.6.43. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1841 advisory. Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement function at...
CLSA-2023-1696537106 libxml2: Fix of 5 CVEs
CVE-2021-3517: fix flaw in the xml entity encoding - CVE-2021-3518: fix dangling pointers in entity reference nodes - CVE-2022-23308: fix use-after-free of ID and IDREF attributes - CVE-2022-40303: fix integer counters overflow when parsing a multi-gigabyte XML - CVE-2022-40304: fix double free...
PT-2023-36048 · Git +1 · Libxml2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details about the crash include the functions xmlDictLookupInternal, xmlDictLookup,...
Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein, including those in Java, Go, Python and Node.js. Vulnerability Details: CVEID: CVE-2023-2602. DESCRIPTION: libcap is vulnerable to a denial of service, caused by a memory leak flaw in the error...
Mageia: Security Advisory (MGASA-2023-0279)
The remote host is missing an update for the...
ASB-A-274231102
In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
MGASA-2023-0279 Updated libxml2 packages fix a security vulnerability
The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. CVE-2023-39615...
Updated libxml2 packages fix a security vulnerability
The updated packages fix a security vulnerability: Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. CVE-2023-39615...
SUSE: Security Advisory (SUSE-SU-2023:3698-1)
The remote host is missing an update for the...
SUSE SLES15: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-tools / etc (SUSE-SU-2023:3698-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3698-1 advisory. - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). Tenable has extracted the preceding descripti...
SUSE SLED15: libxml2-2 / libxml2-2-32bit / libxml2-devel / libxml2-devel-32bit / etc (SUSE-SU-2023:3699-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:3699-1 advisory. - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). Tenable has extracted th...
SUSE-SU-2023:3699-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768)...
SUSE-SU-2023:3698-1 Security update for libxml2
This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768)...