VulnerableCode Package Details - pkg:rpm/redhat/libxml2@2.9.7-13.el8

Search for packages

Vulnerability	Summary	Fixed by
VCID-aasn-u7fd-8bhy Aliases: CVE-2023-39615	Improper Restriction of Operations within the Bounds of a Memory Buffer Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.	There are no reported fixed by versions.
VCID-eb6k-ppfd-m7a3 Aliases: CVE-2022-40304	Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.	There are no reported fixed by versions.
VCID-qpnt-xvgv-s3cq Aliases: CVE-2023-28484	This advisory has been invalidated.	There are no reported fixed by versions.
VCID-udew-3gre-13hy Aliases: CVE-2022-40303	Multiple vulnerabilities have been found in libxml2, the worst of which could result in arbitrary code execution.	There are no reported fixed by versions.
VCID-x9ej-7dcq-tub2 Aliases: CVE-2023-29469	Double Free An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-aasn-u7fd-8bhy
Aliases:
CVE-2023-39615

Improper Restriction of Operations within the Bounds of a Memory Buffer Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.