CVE-2023-39615
published 2023-08-29CVE-2023-39615: Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows…
PriorityP425medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EPSS
0.67%
47.3th percentile
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm) | libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm) |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-6.7+deb11u6 | 2.9.10+dfsg-6.7+deb11u6 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.3~deb12u2 | 2.9.14+dfsg-1.3~deb12u2 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-1 | 2.12.7+dfsg+really2.9.14-1 |
| xmlsoft | libxml2 | >= 0 < 2.12.7+dfsg+really2.9.14-1 | 2.12.7+dfsg+really2.9.14-1 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SINEC NMS
cisa_ics·2024-08-15·CVSS 7.0
[HIGH] Siemens SINEC NMS
ICS Advisory
##
Siemens SINEC NMS
Release DateAugust 15, 2024
Alert CodeICSA-24-228-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 9.4
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SINEC NMS
- Vulnerabilities: Use After Free, Improper Input Validation, Deserialization of Untrusted Data, Improper Restriction of Operations
CISA ICS
Siemens ST7 ScadaConnect
cisa_ics·2024-06-13·CVSS 7.5
[HIGH] Siemens ST7 ScadaConnect
ICS Advisory
##
Siemens ST7 ScadaConnect
Release DateJune 13, 2024
Alert CodeICSA-24-165-04
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: ST7 ScadaConnect
- Vulnerabilities: Integer Overflow or Wraparound, Double Free, Improper Certificate Validation, Inefficient Regular Ex
CISA ICS
Siemens Telecontrol Server Basic
cisa_ics·2024-04-11
Siemens Telecontrol Server Basic
ICS Advisory
##
Siemens Telecontrol Server Basic
Release DateApril 11, 2024
Alert CodeICSA-24-102-08
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Telecontrol Server Basic
- Vulnerabilities: Inadequate Encryption Strength, Double Free, Integer Overflow or Wraparound, External Control of File Name or Path, Path Traversal, Improper Input Validation, Missing Encry
CISA ICS
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
cisa_ics·2023-12-14
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
ICS Advisory
##
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
Release DateDecember 14, 2023
Alert CodeICSA-23-348-10
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
- Vulnerabilities: Improper Restriction of XML External Entity Reference, Time-of-check Time-of-use (TOCTOU) Race Condition, Command Injection, Miss
Red Hat
libxml2: crafted xml can cause global buffer overflow
vendor_redhat·2023-08-29·CVSS 6.5
CVE-2023-39615 [MEDIUM] CWE-119 libxml2: crafted xml can cause global buffer overflow
libxml2: crafted xml can cause global buffer overflow
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file.
Package: libxml2 (Red Hat Enterprise Linux 6) - Out of support scope
Package: libxml2 (Red Hat Enterprise Linux
Debian
CVE-2023-39615: libxml2 - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the ...
vendor_debian·2023·CVSS 6.5
CVE-2023-39615 [MEDIUM] CVE-2023-39615: libxml2 - Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the ...
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
Scope: local
bookworm: resolved (fixed in 2.9.14+dfsg-1.3~deb12u2)
bullseye: resolved (fixed in 2.9.10+dfsg-6.7+deb11u6)
forky: resolved (fixed in 2.12.7+dfsg+really2.9.14-1)
sid: resolved (fixed in 2.12.7+dfsg+really2.9.14-1)
trixie: resolved (fixed in 2.12.7+dfsg+really2.9.14-1)
OSV
CVE-2023-39615: Xmlsoft Libxml2 v2
osv·2023-08-29·CVSS 6.5
CVE-2023-39615 [MEDIUM] CVE-2023-39615: Xmlsoft Libxml2 v2
Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
GHSA
GHSA-9fj4-8443-vg2m: Xmlsoft Libxml2 v2
ghsa_unreviewed·2023-08-29
CVE-2023-39615 [MEDIUM] CWE-119 GHSA-9fj4-8443-vg2m: Xmlsoft Libxml2 v2
Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file.
No detection rules found.
No public exploits indexed.
2023-08-29
Published