Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2024-2467
HistoryAug 12, 2024 - 1:04 p.m.

Advisory ROSA-SA-2024-2467

2024-08-1213:04:30
ROSA LAB
abf.rosalinux.ru
2
libxml2
rosa-chrome
vulnerability
memory usage
denial of service
remote attack
cve-2023-45322
cve-2022-2309
fixed
update.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0.005

Percentile

75.9%

JSON

software: libxml2 2.9.14
OS: ROSA-CHROME

package_evr_string: libxml2-2.9.14-5

CVE-ID: CVE-2023-45322
BDU-ID: 2023-06827
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the xmlUnlinkNode function (tree.c) of the libxml2 library is related to memory usage after it is freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libxml2

CVE-ID: CVE-2022-2309
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Dereferencing a NULL pointer allows attackers to cause a denial of service (or application crash). This is only applicable when lxml is used in conjunction with libxml2. This allows failures to be caused via spoofed input, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code should not be widely used, given that parsing + iterwalk are usually replaced by the more efficient iterparse function. However, for example, an XML converter that serializes to C14N would also be vulnerable, and there are legitimate uses for this code sequence. If untrusted input data is received (also remotely) and processed using the iterwalk function, a crash may be caused.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update libxml2

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibxml2< 2.9.14UNKNOWN

Related

amazon 2
prion 2
redos 1
nessus 67
openvas 50
alpinelinux 2
cvelist 2
osv 9
cve 2
redhatcve 2
cbl_mariner 5
cgr 1
veracode 2
ubuntucve 2
mageia 3
nvd 2
wolfi 1
debiancve 2
fedora 2
rocky 1
almalinux 1
huntr 1
ibm 3
oraclelinux 1
suse 1
redhat 3
photon 8
github 2
ubuntu 2
gentoo 2
cloudfoundry 1
ics 1
amazon
amazon
Important: libxml2
2023-10-30 23:59:00
Important: libxml2
2023-10-30 23:31:00
prion
prion
Design/Logic Flaw
2023-10-06 22:15:00
Null pointer dereference
2022-07-05 10:15:00
redos
redos
ROS-20231013-03
2023-10-13 00:00:00
nessus
nessus
SUSE SLES12 Security Update : libxml2 (SUSE-SU-2023:4505-1)
2023-11-22 00:00:00
EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2024-1066)
2024-01-16 00:00:00
EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2024-1090)
2024-01-16 00:00:00
openvas
openvas
openSUSE: Security Advisory for libxml2 (SUSE-SU-2023:4464-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1403)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2024-1431)
2024-03-21 00:00:00
alpinelinux
alpinelinux
CVE-2023-45322
2023-10-06 22:15:11
CVE-2022-2309
2022-07-05 10:15:08
cvelist
cvelist
CVE-2023-45322
2023-10-06 00:00:00
CVE-2022-2309 NULL Pointer Dereference in lxml/lxml
2022-07-05 09:00:12
osv
osv
CGA-2mq2-pxq9-3fqm
2024-06-06 12:21:06
lxml NULL Pointer Dereference allows attackers to cause a denial of service
2022-07-06 00:00:30
Moderate: python-lxml security update
2022-11-15 06:18:49
cve
cve
CVE-2023-45322
2023-10-06 22:15:11
CVE-2022-2309
2022-07-05 10:15:08
redhatcve
redhatcve
CVE-2023-45322
2023-10-10 04:54:39
CVE-2022-2309
2022-07-15 13:04:43
cbl_mariner
cbl_mariner
CVE-2023-45322 affecting package libxml2 for versions less than 2.10.4-2
2023-11-08 02:07:28
CVE-2022-2309 affecting package libxml2 for versions less than 2.10.0-1
2022-09-16 06:05:34
CVE-2022-2309 affecting package libxml2 2.9.14-1
2022-09-17 05:56:34
cgr
cgr
CVE-2023-45322 vulnerabilities
2024-05-19 03:07:16
veracode
veracode
Memory Leak
2023-12-01 07:35:40
Denial Of Service (DoS)
2022-07-06 04:58:39
ubuntucve
ubuntucve
CVE-2023-45322
2023-10-06 00:00:00
CVE-2022-2309
2022-07-05 00:00:00
mageia
mageia
Updated libxml2 packages fix a security vulnerability
2023-10-23 00:04:51
Updated python-lxml packages fix security vulnerability
2022-09-16 22:39:55
Updated libxml2 packages fix security vulnerability
2023-05-06 21:19:07
nvd
nvd
CVE-2023-45322
2023-10-06 22:15:11
CVE-2022-2309
2022-07-05 10:15:08
wolfi
wolfi
CVE-2023-45322 vulnerabilities
2024-09-16 09:11:42
debiancve
debiancve
CVE-2023-45322
2023-10-06 22:15:11
CVE-2022-2309
2022-07-05 10:15:08
fedora
fedora
[SECURITY] Fedora 37 Update: python-lxml-4.9.1-1.fc37
2022-09-24 00:16:40
[SECURITY] Fedora 36 Update: python-lxml-4.7.1-3.fc36
2022-09-18 01:16:25
rocky
rocky
python-lxml security update
2022-11-15 06:18:49
almalinux
almalinux
Moderate: python-lxml security update
2022-11-15 00:00:00
huntr
huntr
NULL Pointer Dereference in function _appendStartNsEvents
2022-06-19 02:34:37
ibm
ibm
Security Bulletin: A vulnerability in libxml2 affects Tivoli Netcool/OMNIbus (CVE-2022-2309)
2023-10-24 08:49:06
Security Bulletin: IBM Storage Ceph is vulnerable to Use After Free in the RHEL UBI (CVE-2024-25062, CVE-2023-39615, CVE-2023-45322)
2024-07-19 22:40:30
Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities fixed in 9.7.2.7
2023-04-25 08:12:52
oraclelinux
oraclelinux
python-lxml security update
2022-11-22 00:00:00
suse
suse
Security update for python-lxml (important)
2022-08-26 00:00:00
redhat
redhat
(RHSA-2022:8226) Moderate: python-lxml security update
2022-11-15 06:18:49
(RHSA-2023:3367) Important: OpenShift Container Platform 4.13.2 bug fix and security update
2023-06-07 01:48:02
(RHSA-2023:3742) Important: Red Hat OpenShift Data Foundation 4.13.0 security and bug fix update
2023-06-21 15:20:50
photon
photon
Important Photon OS Security Update - PHSA-2022-0227
2022-08-12 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0434
2022-08-13 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0227
2022-08-12 00:00:00
github
github
lxml NULL Pointer Dereference allows attackers to cause a denial of service
2022-07-06 00:00:30
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
2022-10-18 18:12:31
ubuntu
ubuntu
libxml2 vulnerabilities
2023-06-07 00:00:00
libxml2 vulnerabilities
2022-12-05 00:00:00
gentoo
gentoo
libxml2: Multiple Vulnerabilities
2024-02-09 00:00:00
lxml: Multiple Vulnerabilities
2022-08-10 00:00:00
cloudfoundry
cloudfoundry
USN-5760-1: libxml2 vulnerabilities | Cloud Foundry
2023-01-26 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

Low

EPSS

0.005

Percentile

75.9%

JSON
Related for ROSA-SA-2024-2467
amazon2prion2redos1nessus67openvas50alpinelinux2cvelist2osv9cve2redhatcve2cbl_mariner5cgr1veracode2ubuntucve2mageia3nvd2wolfi1debiancve2fedora2rocky1almalinux1huntr1ibm3oraclelinux1suse1redhat3photon8github2ubuntu2gentoo2cloudfoundry1ics1