Updated: 2023-11-07 19:31:26.816851
Description:
A vulnerability found in libxml2 in versions before 2.9.11 shows that it did not propagate errors while parsing XML mixed content, causing a NULL dereference. If an untrusted XML document was parsed in recovery mode and post-validated, the flaw could be used to crash the application. The highest threat from this vulnerability is to system availability.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | MEDIUM | 4.3 |
CVSS Version 3.x | MEDIUM | 5.9 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | libxml2 | 2.7.6 | 5.9 | MEDIUM | Released | CLSA-2022:1641903536 | 2022-05-05 12:03:58 |
CentOS 6 ELS | java-1.8.0-openjdk | 1.8.0 | 5.9 | MEDIUM | Ignored | 2022-04-19 21:49:53 | |
CentOS 7 ELS | java-1.8.0-openjdk | 1.8.0 | 5.9 | MEDIUM | Ignored | 2023-11-17 08:26:04 | |
CentOS 7 ELS | libxml2 | 2.9.1 | 5.9 | MEDIUM | Ignored | 2023-09-19 09:30:21 | |
CentOS 8.4 ELS | java-1.8.0-openjdk | 1.8.0 | 5.9 | MEDIUM | Not Vulnerable | 2023-10-27 11:24:12 | |
CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 5.9 | MEDIUM | Already Fixed | 2023-10-30 11:22:09 | |
CentOS 8.5 ELS | java-1.8.0-openjdk | 1.8.0 | 5.9 | MEDIUM | Not Vulnerable | 2023-11-07 04:06:44 | |
CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 5.9 | MEDIUM | Already Fixed | 2023-10-30 11:22:09 | |
CloudLinux 6 ELS | libxml2 | 2.7.6 | 5.9 | MEDIUM | Released | CLSA-2021:1640697686 | 2022-04-19 21:49:51 |
CloudLinux 6 ELS | java-1.8.0-openjdk | 1.8.0 | 5.9 | MEDIUM | Ignored | 2022-04-19 21:49:53 |