In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libxml2 | Xmlsoft | * | 2.13.8 (excluding) |
Libxml2 | Xmlsoft | 2.14.0 (including) | 2.14.2 (excluding) |
Red Hat Enterprise Linux 10 | RedHat | libxml2-0:2.12.5-9.el10_0 | * |
Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | libxml2-0:2.9.1-6.el7_9.13 | * |
Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-21.el8_10.3 | * |
Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-21.el8_10.3 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | libxml2-0:2.9.7-9.el8_2.5 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | libxml2-0:2.9.7-9.el8_4.8 | * |
Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | libxml2-0:2.9.7-9.el8_4.8 | * |
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | libxml2-0:2.9.7-13.el8_6.12 | * |
Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | libxml2-0:2.9.7-13.el8_6.12 | * |
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.7-13.el8_6.12 | * |
Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | libxml2-0:2.9.7-16.el8_8.12 | * |
Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.7-16.el8_8.12 | * |
Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-12.el9_6 | * |
Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-12.el9_6 | * |
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.13-1.el9_0.7 | * |
Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.13-3.el9_2.9 | * |
Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | libxml2-0:2.9.13-12.el9_4 | * |
Red Hat JBoss Core Services 2.4.62.SP1 | RedHat | libxml2 | * |
Red Hat OpenShift Container Platform 4.17 | RedHat | rhcos | * |
Red Hat Discovery 2 | RedHat | registry.redhat.io/discovery/discovery-server-rhel9:sha256:7d200c5dcd40e0885171fe20e3edb5d432a8675080846fb3ba273c601c5957a1 | * |
Red Hat Insights proxy 1.5 | RedHat | registry.redhat.io/insights-proxy/insights-proxy-container-rhel9:sha256:3fa6c89778502bfb0b16ef8ff3c576467e8a21269afb2380c4ae176ee2fc7fec | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-agent-rhel8:sha256:a3e7ac42823a2f58d15b52b5c729ae34f3e119122fb4defae4754e6ab14dabcd | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-all-in-one-rhel8:sha256:b45f86232d16959194bad4cc59debfc5253c3c07b81f2a2c66e15d7898d0f114 | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-collector-rhel8:sha256:6f60741c03460bfdc70789640b83b8c2611f62bd3971a7eeb8316c895e4cbf48 | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-es-index-cleaner-rhel8:sha256:c56438a8b89d2c25209e3b50a6d45e050c26b514179d0781e7ee223f32dce7d2 | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-es-rollover-rhel8:sha256:802a78aa94df0a14b8a0ddd350e128141ebc0b8c18730b7a54947ba7431d6bc2 | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-ingester-rhel8:sha256:453d643c17511e3e981706e5ba5b88ee8df3334dc38232ecb2069f67e269cc8b | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-operator-bundle:sha256:264613b2add0f32e5f537ee7cf9ba8019e5e9a347fdf20bc3de8d1678157ba66 | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:f5597ccb53daabec083dfea3b0f0f635e159591f2243ecfc44c6a165c6653a5f | * |
Red Hat OpenShift distributed tracing 3.5.3 | RedHat | registry.redhat.io/rhosdt/jaeger-rhel8-operator:sha256:dc1731fd9e662d103f60a097833260adb9bbeb94b401281d9c65169e5db86bf8 | * |
Libxml2 | Ubuntu | devel | * |
Libxml2 | Ubuntu | esm-infra/bionic | * |
Libxml2 | Ubuntu | esm-infra/focal | * |
Libxml2 | Ubuntu | esm-infra/xenial | * |
Libxml2 | Ubuntu | focal | * |
Libxml2 | Ubuntu | jammy | * |
Libxml2 | Ubuntu | noble | * |
Libxml2 | Ubuntu | oracular | * |
Libxml2 | Ubuntu | plucky | * |
Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on specified quantities to allocate resources, perform calculations, control iteration, etc. When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc.