In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libxml2 | Xmlsoft | * | 2.10.4 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-16.el8_8.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-16.el8_8.1 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | libxml2-0:2.9.7-13.el8_6.4 | * |
| Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-3.el9_2.1 | * |
| Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-3.el9_2.1 | * |
| Text-Only JBCS | RedHat | libxml2 | * |
| Libxml2 | Ubuntu | bionic | * |
| Libxml2 | Ubuntu | esm-infra-legacy/trusty | * |
| Libxml2 | Ubuntu | esm-infra/bionic | * |
| Libxml2 | Ubuntu | esm-infra/focal | * |
| Libxml2 | Ubuntu | esm-infra/xenial | * |
| Libxml2 | Ubuntu | focal | * |
| Libxml2 | Ubuntu | jammy | * |
| Libxml2 | Ubuntu | kinetic | * |
| Libxml2 | Ubuntu | lunar | * |
| Libxml2 | Ubuntu | trusty | * |
| Libxml2 | Ubuntu | trusty/esm | * |
| Libxml2 | Ubuntu | xenial | * |
Potential Mitigations
References
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
- https://security.netapp.com/advisory/ntap-20230601-0006/
- https://security.netapp.com/advisory/ntap-20240201-0005/
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/491
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
- https://security.netapp.com/advisory/ntap-20230601-0006/
- https://security.netapp.com/advisory/ntap-20240201-0005/