cbcvebase.
CVE-2023-28484
published 2023-04-24

CVE-2023-28484: In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in…

PriorityP426medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EPSS
1.09%
61.2th percentile
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Affected

16 ranges
VendorProductVersion rangeFixed in
debiandebian_linux
debianlibxml2< libxml2 2.9.14+dfsg-1.2 (bookworm)libxml2 2.9.14+dfsg-1.2 (bookworm)
msrccbl2_libxml2_2.10.4-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64
nokogirinokogiri>= 0 < 1.14.31.14.3
xmlsoftlibxml2< 2.10.42.10.4
xmlsoftlibxml2>= 0 < 2.9.10+dfsg-6.7+deb11u42.9.10+dfsg-6.7+deb11u4
xmlsoftlibxml2>= 0 < 2.9.14+dfsg-1.22.9.14+dfsg-1.2
xmlsoftlibxml2>= 0 < 2.9.14+dfsg-1.22.9.14+dfsg-1.2
xmlsoftlibxml2>= 0 < 2.9.14+dfsg-1.22.9.14+dfsg-1.2
xmlsoftlibxml2>= 0 < 2.9.4+dfsg1-6.1ubuntu1.92.9.4+dfsg1-6.1ubuntu1.9
xmlsoftlibxml2>= 0 < 2.9.10+dfsg-5ubuntu0.20.04.62.9.10+dfsg-5ubuntu0.20.04.6
xmlsoftlibxml2>= 0 < 2.9.13+dfsg-1ubuntu0.32.9.13+dfsg-1ubuntu0.3
xmlsoftlibxml2>= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm52.9.1+dfsg1-3ubuntu4.13+esm5
xmlsoftlibxml2>= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm52.9.3+dfsg1-1ubuntu0.7+esm5

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
ghsa6.5MEDIUM
osv6.5MEDIUM
vendor_ubuntu7.5HIGH
vendor_debian6.5MEDIUM
vendor_msrc6.5MEDIUM
vendor_oracle6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.