In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

References

gitlab.gnome.org/GNOME/libxml2/-/issues/491

gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

lists.debian.org/debian-lts-announce/2023/04/msg00031.html

security.alpinelinux.org/vuln/CVE-2023-28484

security.netapp.com/advisory/ntap-20230601-0006/

security.netapp.com/advisory/ntap-20240201-0005/

prion 1

cvelist 1

debiancve 1

alpinelinux 1

cbl_mariner 1

nessus 57

redhatcve 1

veracode 1

ubuntucve 1

ibm 11

nvd 1

cve 1

f5 1

openvas 29

aix 1

ubuntu 2

fedora 2

rocky 1

redos 1

osv 8

redhat 47

amazon 2

rosalinux 2

debian 2

almalinux 2

oraclelinux 2

github 1

freebsd 1

cloudfoundry 1

mageia 1

photon 3

gentoo 1

slackware 1

ics 4

tenable 1

oracle 3

prion

Null pointer dereference

2023-04-24 21:15:00

cvelist

CVE-2023-28484

2023-04-24 00:00:00

debiancve

CVE-2023-28484

2023-04-24 21:15:09

alpinelinux

CVE-2023-28484

2023-04-24 21:15:09

cbl_mariner

CVE-2023-28484 affecting package libxml2 for versions less than 2.10.4-1

2023-08-03 02:51:21

nessus

F5 Networks BIG-IP : libxml2 vulnerability (K000139641)

2024-05-17 00:00:00

AIX 7.3 TL 1 : libxml2 (IJ47630)

2023-07-26 00:00:00

AlmaLinux 8 : libxml2 (ALSA-2023:4529)

2023-08-09 00:00:00

redhatcve

CVE-2023-28484

2023-04-11 19:29:40

veracode

Denial Of Service (DoS)

2023-04-25 08:12:01

ubuntucve

CVE-2023-28484

2023-04-12 00:00:00

ibm

Security Bulletin: CVE-2023-28484 may affect IBM CICS TX Advanced 10.1

2023-06-08 16:41:16

Security Bulletin: AIX is vulnerable to a denial of service due to libxml2 (CVE-2023-29469 and CVE-2023-28484)

2023-10-11 19:02:33

Security Bulletin: Vulnerabilities in libxml2 library (CVE-2023-28484, CVE-2023-29469) affect Power HMC.

2024-04-16 17:05:35

nvd

CVE-2023-28484

2023-04-24 21:15:09

cve

CVE-2023-28484

2023-04-24 21:15:09

K000139641: libxml2 vulnerability CVE-2023-28484

2024-05-17 00:00:00

openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2514)

2023-08-01 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2194)

2023-06-09 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2386)

2023-07-17 00:00:00

aix

AIX is vulnerable to a denial of service due to libxml2

2023-07-25 11:08:32

ubuntu

libxml2 vulnerabilities

2023-04-19 00:00:00

libxml2 vulnerabilities

2023-06-07 00:00:00

fedora

[SECURITY] Fedora 38 Update: libxml2-2.10.4-1.fc38

2023-04-18 01:40:06

[SECURITY] Fedora 37 Update: libxml2-2.10.4-1.fc37

2023-04-18 01:32:12

rocky

libxml2 security update

2023-10-06 23:10:01

redos

ROS-20230616-04

2023-06-16 00:00:00

osv

libxml2 - security update

2023-04-30 00:00:00

libxml2 vulnerabilities

2023-04-19 13:42:53

Moderate: libxml2 security update

2023-08-01 00:00:00

redhat

(RHSA-2023:4529) Moderate: libxml2 security update

2023-08-08 07:21:37

(RHSA-2023:4349) Moderate: libxml2 security update

2023-08-01 07:58:11

(RHSA-2024:0413) Moderate: libxml2 security update

2024-01-24 14:40:23

amazon

Medium: libxml2

2023-04-27 18:36:00

Medium: libxml2

2023-04-27 16:19:00

rosalinux

Advisory ROSA-SA-2023-2319

2023-12-26 12:04:20

Advisory ROSA-SA-2024-2321

2024-01-09 09:53:22

debian

[SECURITY] [DLA 3405-1] libxml2 security update

2023-04-30 11:00:47

[SECURITY] [DSA 5391-1] libxml2 security update

2023-04-20 20:45:49

almalinux

Moderate: libxml2 security update

2023-08-08 00:00:00

Moderate: libxml2 security update

2023-08-01 00:00:00

oraclelinux

libxml2 security update

2023-08-10 00:00:00

libxml2 security update

2023-08-02 00:00:00

github

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

2023-04-11 21:48:01

freebsd

libxml2 -- multiple vulnerabilities

2023-04-11 00:00:00

cloudfoundry

USN-6028-1: libxml2 vulnerabilities | Cloud Foundry

2023-04-29 00:00:00

mageia

Updated libxml2 packages fix security vulnerability

2023-05-06 21:19:07

photon

Moderate Photon OS Security Update - PHSA-2023-3.0-0569

2023-04-23 00:00:00

Moderate Photon OS Security Update - PHSA-2023-5.0-0001

2023-05-02 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0380

2023-04-25 00:00:00

gentoo

libxml2: Multiple Vulnerabilities

2024-02-09 00:00:00

slackware

[slackware-security] libxml2

2023-12-10 01:15:09

ics

Siemens SIMATIC and SIPLUS

2024-06-13 12:00:00

Siemens ST7 ScadaConnect

2024-06-13 12:00:00

Siemens Telecontrol Server Basic

2024-04-11 12:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.9%

JSON

Related for OSV:CVE-2023-28484