CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...
Moderate Photon OS Security Update - PHSA-2023-3.0-0569
Updates of 'libxml2' packages of Photon OS have been released...
Debian: Security Advisory (DSA-5391-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DSA-5391-1 : libxml2 - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5391 advisory. - The libxml2 project reports: Hashing of empty dict strings isn't deterministic Fix null deref in xmlSchemaFixupComplexType CVE-2023-28484, CVE-2023-29469 Note...
[SECURITY] [DSA 5391-1] libxml2 security update
Debian Security Advisory DSA-5391-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 20, 2023 https://www.debian.org/security/faq...
Double Free
libxml2.so is vulnerable to Double Free. The initial byte of an empty string is used by xmlDictComputeFastKey to calculate a hash value, which is typically null-terminated but may be random if the string is a part of a bigger buffer, resulting in logic and memory errors, such as a double free...
Ubuntu: Security Advisory (USN-6028-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Oracle HTTP Server (Apr 2023 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as referenced in the Apr 2023 CPU advisory. - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (zlib)). The supported version that is affected is...
DSA-5391-1 libxml2 - security update
Bulletin has no description...
USN-6028-1: libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2023-28484 It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a cras...
USN-6028-1 libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash or execute arbitrary code. CVE-2023-28484 It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a cras...
Fedora: Security Advisory for libxml2 (FEDORA-2023-a521b917c8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Fedora: Security Advisory for libxml2 (FEDORA-2023-dae7cc20ac)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
AIX 7.3 TL 1 : libxml2 (IJ45060)
https://vulners.com/cve/CVE-2022-40304 Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a dict corruption flaw. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability...
AIX : Multiple Vulnerabilities (IJ45059)
The version of AIX installed on the remote host is prior to APAR IJ45059. It is, therefore, affected by multiple vulnerabilities as referenced in the IJ45059 advisory. - An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key,...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : libxml2 vulnerabilities (USN-6028-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6028-1 advisory. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cau...
AIX 7.2 TL 5 : libxml2 (IJ45056)
https://vulners.com/cve/CVE-2022-40304 Gnome libxml2 could allow a remote attacker to execute arbitrary code on the system, caused by a dict corruption flaw. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability...
[SECURITY] Fedora 38 Update: libxml2-2.10.4-1.fc38
This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
Fedora 37 : libxml2 (2023-dae7cc20ac)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-dae7cc20ac advisory. Update to 2.10.4 Fix CVE-2023-29469 Fix CVE-2023-28484 Tenable has extracted the preceding description block directly from the Fedora security...
Fedora 38 : libxml2 (2023-a521b917c8)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-a521b917c8 advisory. Update to 2.10.4 Fix CVE-2023-29469 Fix CVE-2023-28484 Tenable has extracted the preceding description block directly from the Fedora security...