REDHAT-BUG-2235864: Buffer Overflow
First published: Tue Aug 29 2023(Updated: )
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. <a href="https://gitlab.gnome.org/GNOME/libxml2/-/issues/535">https://gitlab.gnome.org/GNOME/libxml2/-/issues/535</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| libxml2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2236390
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2236391
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2236392
- https://access.redhat.com/errata/RHSA-2023:7544
- https://access.redhat.com/errata/RHSA-2023:7626
- https://access.redhat.com/errata/RHSA-2023:7747
- https://access.redhat.com/errata/RHSA-2024:0119
- https://access.redhat.com/errata/RHSA-2024:0413
- https://access.redhat.com/errata/RHSA-2024:1317
- https://bugzilla.redhat.com/show_bug.cgi?id=2235864
Frequently Asked Questions
What is the severity of REDHAT-BUG-2235864?
The severity of REDHAT-BUG-2235864 is classified as critical due to the potential exploitation leading to Denial of Service.
How do I fix REDHAT-BUG-2235864?
To fix REDHAT-BUG-2235864, update to a patched version of Xmlsoft Libxml2 that addresses the global buffer overflow.
What could an attacker achieve by exploiting REDHAT-BUG-2235864?
By exploiting REDHAT-BUG-2235864, an attacker can cause Denial of Service by supplying a specially crafted XML file.
Which version of Xmlsoft Libxml2 is affected by REDHAT-BUG-2235864?
Xmlsoft Libxml2 version 2.11.0 is specifically affected by the vulnerability identified as REDHAT-BUG-2235864.
What function in Xmlsoft Libxml2 is responsible for the REDHAT-BUG-2235864 vulnerability?
The xmlSAX2StartElement() function in Xmlsoft Libxml2 is responsible for the vulnerability identified as REDHAT-BUG-2235864.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/references
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-39615
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/xmlsoft
- canonical/libxml2