Sign In

CVE-2023-39615

ADVISORY - nist

Summary

Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.

EPSS Score: 0.00093 (0.271)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in