CVE-2023-28484

Summary

CVE	CVE-2023-28484
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-04-24 21:15:00 UTC
Updated	2024-02-01 17:15:00 UTC
Description	In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Risk And Classification

Problem Types: CWE-476

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Application	Xmlsoft	Libxml2	All	All	All	All

References

Reference	Source	Link	Tags
January 2024 MySQL Cluster Vulnerabilities in NetApp Products \| NetApp Product Security		security.netapp.com
libxml2 2.10.4 · GNOME / libxml2 · GitLab	MISC	gitlab.gnome.org
[SECURITY] [DLA 3405-1] libxml2 security update	MLIST	lists.debian.org
April 2023 Libxml2 Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
[CVE-2023-28484] Segfault When Parsing XSD (#491) · Issues · GNOME / libxml2 · GitLab	MISC	gitlab.gnome.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160833 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2023-4349)
160854 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2023-4529)
181745 Debian Security Update for libxml2 (DSA 5391-1)
181756 Debian Security Update for libxml2 (DLA 3405-1)
184060 Debian Security Update for libxml2 (CVE-2023-28484)
199299 Ubuntu Security Notification for libxml2 Vulnerabilities (USN-6028-1)
199399 Ubuntu Security Notification for libxml2 Vulnerabilities (USN-6028-2)
241894 Red Hat Update for libxml2 (RHSA-2023:4349)
241937 Red Hat Update for libxml2 (RHSA-2023:4529)
242753 Red Hat Update for libxml2 (RHSA-2024:0413)
283897 Fedora Security Update for libxml2 (FEDORA-2023-dae7cc20ac)
284181 Fedora Security Update for libxml2 (FEDORA-2023-a521b917c8)
330144 IBM AIX Denial of Service (DoS) Vulnerability in libxml2 (libxml2_advisory5)
354918 Amazon Linux Security Advisory for libxml2 : ALAS2-2023-2021
354929 Amazon Linux Security Advisory for libxml2 : ALAS-2023-1743
355233 Amazon Linux Security Advisory for libxml2 : ALAS2023-2023-163
378891 Alibaba Cloud Linux Security Update for libxml2 (ALINUX3-SA-2023:0111)
378948 Oracle Hypertext Transfer Protocol (HTTP) Server Multiple Vulnerabilities (CPUOCT2023)
502742 Alpine Linux Security Update for libxml2
673079 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2194)
673196 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2316)
673204 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2336)
673245 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2360)
673257 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2386)
673478 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2696)
673540 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2654)
691148 Free Berkeley Software Distribution (FreeBSD) Security Update for libxml2 (0bd7f07b-dc22-11ed-bf28-589cfc0f81b0)
710860 Gentoo Linux libxml2 Multiple Vulnerabilities (GLSA 202402-11)
753947 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2023:2048-1)
753949 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2023:2054-1)
754861 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2023:3665-1)
907101 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (26281-1)
941200 AlmaLinux Security Update for libxml2 (ALSA-2023:4349)
941217 AlmaLinux Security Update for libxml2 (ALSA-2023:4529)
961030 Rocky Linux Security Update for libxml2 (RLSA-2023:4529)