CVE-2024-34459
published 2024-05-14

Priority: P3 (44)
Severity: high, CVSS 3.1 base score 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 2.30% (81.1st percentile)

Description
An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
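The upstream fix boundaries above (2.11.8, and 2.12.7 for the 2.12.x line) are easy to misread when the installed library reports its version as a LIBXML_VERSION number rather than a dotted release. The following POSIX shell snippet is an added example, not code from the libxml2 project or from this page: it classifies a version number against those two boundaries, converts a dotted release into the same numbering, and optionally reads the number from `xmllint --version` (which prints `xmllint: using libxml version NNNNN` on stderr). The `--check` entry point and the function names are this example's own. It applies only to upstream numbering; Debian, Ubuntu and Azure Linux backport the fix, so for those packages compare the package version string against the vendor table below instead.

```shell
#!/bin/sh
# Added example for CVE-2024-34459 (not part of libxml2). Version numbers follow
# LIBXML_VERSION: major*10000 + minor*100 + micro, so 2.11.8 is 21108 and 2.12.7 is 21207.

# Classify an upstream LIBXML_VERSION number. Prints "vulnerable", "fixed" or "unknown".
cve_2024_34459_status() {
    v="$1"
    case "$v" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;   # empty or non-numeric input
    esac
    if [ "$v" -lt 21108 ]; then
        echo "vulnerable"          # anything below 2.11.8, including all 2.9.x/2.10.x
    elif [ "$v" -ge 21200 ] && [ "$v" -lt 21207 ]; then
        echo "vulnerable"          # 2.12.0 .. 2.12.6
    else
        echo "fixed"               # 2.11.8+ on the 2.11 line, 2.12.7+, and later
    fi
}

# Convert a dotted upstream release ("2.12.6") to the numeric form (21206).
# A trailing non-digit suffix on the micro part ("14+dfsg") is dropped.
libxml_number() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    mic=${3%%[!0-9]*}
    printf '%d%02d%02d\n' "${1:-0}" "${2:-0}" "${mic:-0}"
}

# Read the number the installed xmllint reports. Prints nothing if xmllint is absent.
installed_libxml_version() {
    command -v xmllint >/dev/null 2>&1 || { echo ""; return 0; }
    xmllint --version 2>&1 | sed -n 's/.*using libxml version \([0-9]*\).*/\1/p' | head -n1
}

# Usage: sh check.sh --check
if [ "${1:-}" = "--check" ]; then
    ver="$(installed_libxml_version)"
    printf 'libxml version %s: %s\n' "${ver:-?}" "$(cve_2024_34459_status "$ver")"
fi
```

The over-read sits in xmlHTMLPrintFileContext, which xmllint only uses for the HTML-formatted error output selected by --htmlout; a pipeline that runs xmllint over untrusted documents and cannot patch immediately can stay off that code path by dropping the flag, since plain stderr error reporting does not go through it.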

Affected

23 ranges

Vendor   | Product                                    | Version range                                  | Fixed in
debian   | libxml2                                    | < libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)   | libxml2 2.9.14+dfsg-1.3~deb12u2 (bookworm)
msrc     | azl3_libxml2_2.11.5-3_on_azure_linux_3.0   | -                                              | -
msrc     | azl3_libxml2_2.11.5-5_on_azure_linux_3.0   | -                                              | -
msrc     | cbl2_libxml2_2.10.4-3_on_cbl_mariner_2.0   | -                                              | -
msrc     | cbl2_libxml2_2.10.4-6_on_cbl_mariner_2.0   | -                                              | -
msrc     | cbl_mariner_2.0_arm                        | -                                              | -
msrc     | cbl_mariner_2.0_x64                        | -                                              | -
nokogiri | nokogiri                                   | >= 0 < 1.16.5                                  | 1.16.5
xmlsoft  | libxml2                                    | < 2.11.8                                       | 2.11.8
xmlsoft  | libxml2                                    | >= 0 < 2.9.10+dfsg-6.7+deb11u8                 | 2.9.10+dfsg-6.7+deb11u8
xmlsoft  | libxml2                                    | >= 0 < 2.9.14+dfsg-1.3~deb12u2                 | 2.9.14+dfsg-1.3~deb12u2
xmlsoft  | libxml2                                    | >= 0 < 2.12.7+dfsg+really2.9.14-0.4            | 2.12.7+dfsg+really2.9.14-0.4
xmlsoft  | libxml2                                    | >= 0 < 2.12.7+dfsg+really2.9.14-0.4            | 2.12.7+dfsg+really2.9.14-0.4
xmlsoft  | libxml2                                    | >= 0 < 2.9.10+dfsg-5ubuntu0.20.04.9            | 2.9.10+dfsg-5ubuntu0.20.04.9
xmlsoft  | libxml2                                    | >= 0 < 2.9.10+dfsg-5ubuntu0.20.04.8            | 2.9.10+dfsg-5ubuntu0.20.04.8
xmlsoft  | libxml2                                    | >= 0 < 2.9.13+dfsg-1ubuntu0.6                  | 2.9.13+dfsg-1ubuntu0.6
xmlsoft  | libxml2                                    | >= 0 < 2.9.13+dfsg-1ubuntu0.5                  | 2.9.13+dfsg-1ubuntu0.5
xmlsoft  | libxml2                                    | >= 0 < 2.9.14+dfsg-1.3ubuntu3.2                | 2.9.14+dfsg-1.3ubuntu3.2
xmlsoft  | libxml2                                    | >= 0 < 2.9.14+dfsg-1.3ubuntu3.1                | 2.9.14+dfsg-1.3ubuntu3.1
xmlsoft  | libxml2                                    | >= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm7            | 2.9.1+dfsg1-3ubuntu4.13+esm7
xmlsoft  | libxml2                                    | >= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm7             | 2.9.3+dfsg1-1ubuntu0.7+esm7
xmlsoft  | libxml2                                    | >= 0 < 2.9.4+dfsg1-6.1ubuntu1.9+esm2           | 2.9.4+dfsg1-6.1ubuntu1.9+esm2
xmlsoft  | libxml2                                    | >= 2.12.0 < 2.12.7                             | 2.12.7

Only the two plain xmlsoft rows (< 2.11.8 and >= 2.12.0 < 2.12.7) describe upstream libxml2 releases. The xmlsoft rows whose versions carry +dfsg, deb11u/deb12u, ubuntu or +esm suffixes are Debian and Ubuntu package versions with the fix backported, so the package version string, not the upstream release number, is what to compare on those systems. The msrc rows name Azure Linux 3.0 and CBL-Mariner 2.0 packages without a listed range or fixed version. The nokogiri row reflects the libxml2 copy vendored in the Ruby gem.

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 7.5   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ghsa          | -       | 7.5   | HIGH     | -
osv           | -       | 7.8   | HIGH     | -
vendor_ubuntu | -       | 8.1   | HIGH     | -
vendor_debian | -       | 7.5   | HIGH     | -
vendor_msrc   | -       | 7.5   | HIGH     | -
vendor_redhat | -       | 7.5   | HIGH     | -