F5-K000138957
First published: Wed Mar 20 2024(Updated: )
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Traffix Systems Signaling Delivery Controller | =5.1.0 | 5.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000138957?
The severity of F5-K000138957 is considered significant due to its potential to cause Denial of Service (DoS).
How do I fix F5-K000138957?
To fix F5-K000138957, upgrade to the latest version of the affected software as recommended by F5.
What causes the F5-K000138957 vulnerability?
F5-K000138957 is caused by an out-of-bounds read in the xmlSAX2StartElement() function of the Xmlsoft Libxml2 library.
Who is affected by F5-K000138957?
F5-K000138957 affects users of the F5 Traffix SDC versions 5.1.0 and 5.2.0.
What are the potential impacts of F5-K000138957?
The potential impacts of F5-K000138957 include the possibility of a Denial of Service (DoS) when a malicious XML file is processed.
- agent/last-modified-date
- agent/references
- agent/severity
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/f5-advisory
- source/F5
- alias/CVE-2023-39615
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 traffix systems signaling delivery controller
- version/f5 traffix systems signaling delivery controller/5.1.0