CVE Vulnerabilities

CVE-2023-28484

NULL Pointer Dereference

Published: Apr 24, 2023 | Modified: Feb 01, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
5.9 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Libxml2 Xmlsoft * 2.10.4 (excluding)
Red Hat Enterprise Linux 8 RedHat libxml2-0:2.9.7-16.el8_8.1 *
Red Hat Enterprise Linux 8 RedHat libxml2-0:2.9.7-16.el8_8.1 *
Red Hat Enterprise Linux 8.6 Extended Update Support RedHat libxml2-0:2.9.7-13.el8_6.4 *
Red Hat Enterprise Linux 9 RedHat libxml2-0:2.9.13-3.el9_2.1 *
Red Hat Enterprise Linux 9 RedHat libxml2-0:2.9.13-3.el9_2.1 *
Red Hat JBoss Core Services 1 RedHat libxml2 *
Libxml2 Ubuntu bionic *
Libxml2 Ubuntu esm-infra/bionic *
Libxml2 Ubuntu esm-infra/xenial *
Libxml2 Ubuntu focal *
Libxml2 Ubuntu jammy *
Libxml2 Ubuntu kinetic *
Libxml2 Ubuntu lunar *
Libxml2 Ubuntu trusty *
Libxml2 Ubuntu trusty/esm *
Libxml2 Ubuntu xenial *

Potential Mitigations

References