
CVE-2023-39615

Published: 29/08/2023 Updated: 11/04/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Xmlsoft Libxml2 v2.11.0 contains an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows malicious users to cause a Denial of Service (DoS) by supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.

Vulnerable Product

xmlsoft libxml2 2.11.0

Vendor Advisories

Debian Bug report logs - #1051230 libxml2: CVE-2023-39615. Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 4 Sep 2023 19:03:02 UTC; Severity: important; Tags: security, upstream Fo ...
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file (CVE-2023-39615) ...
Synopsis: Important: Red Hat build of Cryostat security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for the Red Hat build of Cryostat 2 on RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a ...
Synopsis: Moderate: libxml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 SP2 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 Service Pack 2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability S ...
Synopsis: Moderate: Logging Subsystem 5.8.2 - Red Hat OpenShift security update. Type/Severity: Security Advisory: Moderate. Topic: Moderate: Logging Subsystem 5.8.2 - Red Hat OpenShift security update. Red Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis: Important: ACS 4.1 enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ( ...
Synopsis: Moderate: libxml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated ...
Synopsis: Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: Migration Toolkit for Runtimes 1.2.4 release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a de ...
Synopsis: Moderate: libxml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a se ...
Synopsis: Important: RHACS 4.2 security update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security 4.2.4. The updated images includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
Synopsis: Critical: Red Hat Advanced Cluster Management 2.9.2 security and bug fix container updates. Type/Severity: Security Advisory: Critical. Topic: Red Hat Advanced Cluster Management for Kubernetes 2.9.2 General Availability release images, which provide security updates and fix bugs. Red Hat Product Security has rated this update as having a ...
Description: The MITRE CVE dictionary describes this issue as: Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file ...