CVE-2023-39615
Published: 29 August 2023
** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
Notes
| Author | Note |
|---|---|
| ccdm94 | as explained by upstream in issue #535, this is not considered a security issue, but, instead, a mode of operation that was not working properly, regardless of the input provided. It is also not possible to reproduce the issue in versions older than 2.11.0, meaning, no Ubuntu releases as of 2022-11-21 would allow this, the provided PoC not being able to generate the crash on these releases. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libxml2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(see notes)
|
| focal |
Not vulnerable
(see notes)
|
|
| jammy |
Not vulnerable
(see notes)
|
|
| lunar |
Not vulnerable
(see notes)
|
|
| mantic |
Not vulnerable
(see notes)
|
|
| trusty |
Not vulnerable
(see notes)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(see notes)
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 6.5 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |