Search for packages
| purl | pkg:nuget/libxml2.vc140_xp.mt.static.x86@2.11.0 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4z87-yfha-aaaq
Aliases: CVE-2023-39615 |
** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-17T22:45:19.014642+00:00 | GitLab Importer | Affected by | VCID-4z87-yfha-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2.vc140_xp.mt.static.x86/CVE-2023-39615.yml | 34.0.1 |
| 2024-01-03T18:06:49.779227+00:00 | GitLab Importer | Affected by | VCID-4z87-yfha-aaaq | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2.vc140_xp.mt.static.x86/CVE-2023-39615.yml | 34.0.0rc1 |