libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
Name | Vendor | Start Version | End Version |
---|---|---|---|
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | libxml2-0:2.9.1-6.el7_9.9 | * |
Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-19.el8_10 | * |
Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-19.el8_10 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | libxml2-0:2.9.7-9.el8_2.1 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | libxml2-0:2.9.7-9.el8_4.5 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | libxml2-0:2.9.7-9.el8_4.5 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.7-9.el8_4.5 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | libxml2-0:2.9.7-13.el8_6.8 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | libxml2-0:2.9.7-13.el8_6.8 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.7-13.el8_6.8 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | libxml2-0:2.9.7-16.el8_8.7 | * |
Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-6.el9_5.2 | * |
Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-6.el9_5.2 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.13-1.el9_0.4 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | libxml2-0:2.9.13-3.el9_2.6 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | libxml2-0:2.9.13-9.el9_4 | * |
Red Hat OpenShift Container Platform 4.15 | RedHat | rhcos-415.92.202503190057-0 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8:sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8:sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8:sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8:sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8:sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-kueue-controller-rhel8:sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8:sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8:sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8:sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-model-controller-rhel8:sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-modelmesh-rhel8:sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8:sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2 | * |
Red Hat OpenShift AI 2.16 | RedHat | registry.redhat.io/rhoai/odh-notebook-controller-rhel8:sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5 | * |
Red Hat OpenShift distributed tracing 3.5 | RedHat | registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:12407a15fefa30bb851444d27b00e1815970ae085deca7c17537612ec9e4bff6 | * |
Red Hat OpenShift distributed tracing 3.5 | RedHat | registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:ffd6b70068dd4d6bf7a835c0bbf5b934f26ff2b0f5755130dccb099340550083 | * |
Red Hat OpenShift distributed tracing 3.5 | RedHat | registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:bf3aa3e5522cf90d82fbd34710e08448a93b88a9876c77415a1027f83a195a81 | * |
Libxml2 | Ubuntu | devel | * |
Libxml2 | Ubuntu | esm-infra-legacy/trusty | * |
Libxml2 | Ubuntu | esm-infra/bionic | * |
Libxml2 | Ubuntu | esm-infra/xenial | * |
Libxml2 | Ubuntu | focal | * |
Libxml2 | Ubuntu | jammy | * |
Libxml2 | Ubuntu | noble | * |
Libxml2 | Ubuntu | oracular | * |
Libxml2 | Ubuntu | upstream | * |