PT-2023-3189 · Libxml2+11 · Libxml2+11

Publicado

2023-04-11

Atualizado

2025-03-31

CVE-2023-28484

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.10.4

Description The issue is related to the xmlSchemaFixupComplexType function in the xmlschemas.c file of the libxml2 library, which is associated with a null pointer dereference. This can be exploited by a remote attacker to cause a denial of service. The vulnerability occurs when parsing certain invalid XSD schemas, leading to a NULL pointer dereference and subsequently a segfault.

Recommendations For libxml2 versions prior to 2.10.4, update to version 2.10.4 or later to resolve the issue. As a temporary workaround, consider restricting the parsing of XSD schemas to minimize the risk of exploitation.

Exploit

Correção

DoS

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

ALSA-2023:4349

ALSA-2023:4529

ALT-PU-2023-1674

ALT-PU-2025-3794

ALT-PU-2025-3838

AZL-26281

BDU:2023-03298

CESA-2023_4529

CVE-2023-28484

DLA-3405-1

DSA-5391-1

GHSA-PXVG-2QJ5-37JQ

MGASA-2023-0157

OESA-2023-1262

OPENSUSE-SU-2024:12877-1

RHSA-2023:4349

RHSA-2023:4529

RHSA-2023_4349

RHSA-2023_4529

RHSA-2024:0413

RLSA-2023:4529

ROSA-SA-2023-2319

ROSA-SA-2024-2321

SUSE-SU-2023:2048-1

SUSE-SU-2023:2053-1

SUSE-SU-2023:2054-1

SUSE-SU-2023:3665-1

SUSE-SU-2023_2053-1

SUSE-SU-2023_2054-1

USN-6028-1

USN-6028-2

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Ibm Aix

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

Libxml2

PT-2023-3189 · Libxml2+11 · Libxml2+11

CVE-2023-28484

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 95