6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
libxml2.so is vulnerable to arbitrary code execution. An integer overflow occurs when comparing schema dates. This could potentially result in arbitrary code execution on the host OS.
lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
gitlab.gnome.org/GNOME/libxml2/-/issues/178
lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
lists.debian.org/debian-lts-announce/2020/09/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
lists.fedoraproject.org/archives/list/[email protected]/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
lists.fedoraproject.org/archives/list/[email protected]/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
lists.fedoraproject.org/archives/list/[email protected]/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
lists.fedoraproject.org/archives/list/[email protected]/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
lists.fedoraproject.org/archives/list/[email protected]/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
lists.fedoraproject.org/archives/list/[email protected]/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
lists.fedoraproject.org/archives/list/[email protected]/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
lists.fedoraproject.org/archives/list/[email protected]/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
lists.fedoraproject.org/archives/list/[email protected]/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
security.gentoo.org/glsa/202107-05
security.netapp.com/advisory/ntap-20200924-0001/
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujul2022.html
www.oracle.com/security-alerts/cpuoct2021.html
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P