CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 4CVE-2022-29824 – libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write
https://notcve.org/view.php?id=CVE-2022-29824
03 May 2022 — In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. En libxml2 versiones anteriores a 2.9.14, varias funciones de manejo de búferes en buf.c (xmlBuf*) y tree.c (xmlBuffer*) no comprueban los desbor... • https://packetstorm.news/files/id/167345 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 0%CPEs: 58EXPL: 0CVE-2022-23308 – libxml2: Use-after-free of ID and IDREF attributes
https://notcve.org/view.php?id=CVE-2022-23308
26 Feb 2022 — valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. El archivo valid.c en libxml2 versiones anteriores a 2.9.13, presenta un uso de memoria previamente liberada de los atributos ID e IDREF. A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue. Red Hat JBoss Core Services is a set of supplementary s... • http://seclists.org/fulldisclosure/2022/May/33 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 27EXPL: 0CVE-2021-3541 – libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms
https://notcve.org/view.php?id=CVE-2021-3541
17 Jun 2021 — A flaw was found in libxml2. Exponential entity expansion attack its possible bypassing all existing protection mechanisms and leading to denial of service. Se ha encontrado un fallo en libxml2. Es posible un ataque de expansión exponencial de entidades omitiendo todos los mecanismos de protección existentes y conllevando a una denegación de servicio Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to m... • https://bugzilla.redhat.com/show_bug.cgi?id=1950515 • CWE-400: Uncontrolled Resource Consumption CWE-776: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') •
CVSS: 8.6EPSS: 1%CPEs: 34EXPL: 0CVE-2021-3517 – libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
https://notcve.org/view.php?id=CVE-2021-3517
19 May 2021 — There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most likely impact of this flaw is to application availability, with some potential impact to confidentiality and integrity if an attacker is able to use memory information to further exploit the application. Se presenta un fallo en la funcion... • https://bugzilla.redhat.com/show_bug.cgi?id=1954232 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2021-3518 – libxml2: Use-after-free in xmlXIncludeDoProcess() in xinclude.c
https://notcve.org/view.php?id=CVE-2021-3518
18 May 2021 — There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. Se presenta un fallo en libxml2 en versiones anteriores a 2.9.11. Un atacante que pueda enviar un archivo diseñado para que sea procesado por una aplicación vinculada con libxml2 podría desencadenar un uso de la memoria previamente ... • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2021-3537 – libxml2: NULL pointer dereference when post-validating mixed content parsed in recovery mode
https://notcve.org/view.php?id=CVE-2021-3537
14 May 2021 — A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability. Una vulnerabilidad encontrada en libxml2 en versiones anteriores a 2.9.11 muestra que no propagó errores al analizar el contenido mixto XML, causando una des... • https://bugzilla.redhat.com/show_bug.cgi?id=1956522 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-19956 – libxml2: memory leak in xmlParseBalancedChunkMemoryRecover in parser.c
https://notcve.org/view.php?id=CVE-2019-19956
24 Dec 2019 — xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. La función xmlParseBalancedChunkMemoryRecover en el archivo parser.c en libxml2 versiones anteriores a 2.9.10, presenta una pérdida de memoria relacionada con newDoc-)oldNs. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Ha... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html • CWE-401: Missing Release of Memory after Effective Lifetime CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9598 – libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)
https://notcve.org/view.php?id=CVE-2016-9598
16 Aug 2018 — libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. libxml2, tal y como se usa en Red Hat JBoss Core Services, permite que los atacantes dependientes de contexto provoquen una denegación de servicio (lectura fuera de límites y cierre inesperado de la aplicación) mediante un documento XML. NOTA: Esta vul... • https://access.redhat.com/errata/RHSA-2018:2486 • CWE-125: Out-of-bounds Read CWE-674: Uncontrolled Recursion •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-9596 – libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)
https://notcve.org/view.php?id=CVE-2016-9596
16 Aug 2018 — libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. libxml2, tal y como se usa en Red Hat JBoss Core Services y en modo de recuperación, permite que los atacantes dependientes de contexto provoquen una denegación de servicio (consumo de pila) mediante un documento XML. NOTA: Esta vulnerabilidad ex... • https://bugzilla.redhat.com/show_bug.cgi?id=1408302 • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2018-14404 – libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c
https://notcve.org/view.php?id=CVE-2018-14404
19 Jul 2018 — A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application. Existe una vulnerabilidad de desreferencia de puntero NULL en la función xpath.c:xmlXPathCompOpEval() de libxml2 hasta la versión 2.9.8 al an... • https://access.redhat.com/errata/RHSA-2019:1543 • CWE-476: NULL Pointer Dereference •