Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details CVEID: CVE-2017-9050 Descriptio...

Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems

Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM Integrated Management Module II IMM2 for System x, Flex and BladeCenter Systems has addressed the following...

Security Bulletin: Vulnerabilities in libxml2 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-7376, CVE-2017-7375, CVE-2017-5969, CVE-2017-0663)

Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details Summary IBM BladeCenter Advanced Management Module AMM has addressed the following vulnerabilities in libxml2. Vulnerability Details CVEID: CVE-2017-7376 Descriptio...

SUSE CVE-2023-28484

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c...

SUSE CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

UBUNTU-CVE-2023-28484

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c...

CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

CVE-2023-28484

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c...

UBUNTU-CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to...

GHSA-PXVG-2QJ5-37JQ Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

Summary Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to v2.10.4 from v2.10.3. libxml2 v2.10.4 addresses the following known vulnerabilities: - CVE-2023-29469: Hashing of empty dict strings isn't deterministic - CVE-2023-28484: Fix null deref in xmlSchemaFixupComplexTyp...

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

Summary Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to v2.10.4 from v2.10.3. libxml2 v2.10.4 addresses the following known vulnerabilities: - CVE-2023-29469: Hashing of empty dict strings isn't deterministic - CVE-2023-28484: Fix null deref in xmlSchemaFixupComplexTyp...

CVE-2023-29469

A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors...

CVE-2023-28484

A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing invalid XML schemas...

libxml2 资源管理错误漏洞

libxml2 is an open source library used to parse XML documents . It is written in C, and can be called for a variety of languages, such as C, C++, XSH. A security vulnerability exists in libxml2 versions prior to 2.10.4. An attacker could exploit this vulnerability to cause various logic or memory...

libxml2 代码问题漏洞

libxml2 is an open source library used to parse XML documents . It is written in C and can be called by many languages, such as C, C++, XSH. libxml2 has a security vulnerability , the vulnerability stems from mlSchemaFixupComplexType in the NULL pointer dereference problem...

PT-2023-3193

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.10.4 Description The issue is related to the xmlDictComputeFastKey function in dict.c, which can produce non-deterministic values when hashing empty dict strings in a crafted XML document. This can lead to various...

NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Vulnerability (NS-SA-2023-0008)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has libxml2 packages installed that are affected by a vulnerability: - xpointer.c in libxml2 before 2.9.5 as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products does not forb...

libxml2 -- multiple vulnerabilities

The libxml2 project reports: Hashing of empty dict strings isn't deterministic Fix null deref in xmlSchemaFixupComplexType...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40304)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 caused by a dict corruption flaw.CVE-2022-40304. Gnome libxml2 is included as part of the Base OS used by our service images. Please read the details for remediati...

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40303)

Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 caused by an integer overflow in the XMLPARSEHUGE function CVE-2022-40303. Gnome libxml2 is included as part of the Base OS used by our service images. Please read...