Vulnerability details: VCID-d5gp-ggk5-mkh5
Vulnerability ID VCID-d5gp-ggk5-mkh5
Aliases CVE-2023-39615
Summary Improper Restriction of Operations within the Bounds of a Memory Buffer Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.
Status Disputed
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Weaknesses (3)
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json
epss 0.00093 https://api.first.org/data/v1/epss?cve=CVE-2023-39615
epss 0.00095 https://api.first.org/data/v1/epss?cve=CVE-2023-39615
cvssv3.1 6.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
ssvc Track https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2023-39615
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-39615.json
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-02T13:25:30Z/ Found at https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-39615
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): unchanged; Confidentiality Impact (C): none; Integrity Impact (I): none; Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.27227
EPSS Score 0.00093
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-08-01T02:27:53.682780+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2023-39615 37.0.0
2025-07-31T09:29:53.228069+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/libxml2/CVE-2023-39615.yml 37.0.0