{ "threat_severity" : "Moderate", "public_date" : "2023-08-29T00:00:00Z", "bugzilla" : { "description" : "libxml2: crafted xml can cause global buffer overflow", "id" : "2235864", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2235864" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.", "A flaw was found in Libxml2, where it contains a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a denial of service (DoS) by supplying a crafted XML file." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-01-10T00:00:00Z", "advisory" : "RHSA-2024:0119", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "libxml2-0:2.9.7-18.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2024-01-10T00:00:00Z", "advisory" : "RHSA-2024:0119", "cpe" : "cpe:/o:redhat:enterprise_linux:8", "package" : "libxml2-0:2.9.7-18.el8_9" }, { "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date" : "2024-01-25T00:00:00Z", "advisory" : "RHSA-2024:0413", "cpe" : "cpe:/a:redhat:rhel_eus:8.6", "package" : "libxml2-0:2.9.7-13.el8_6.4" }, { "product_name" : "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date" : "2023-11-28T00:00:00Z", "advisory" : "RHSA-2023:7544", "cpe" : "cpe:/a:redhat:rhel_eus:8.8", "package" : "libxml2-0:2.9.7-16.el8_8.2" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-12-12T00:00:00Z", "advisory" : "RHSA-2023:7747", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "libxml2-0:2.9.13-5.el9_3" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2023-12-12T00:00:00Z", "advisory" : "RHSA-2023:7747", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "libxml2-0:2.9.13-5.el9_3" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-03-25T00:00:00Z", "advisory" : "RHSA-2024:1477", "cpe" : "cpe:/a:redhat:openshift:4.13::el9", "package" : "openshift4-wincw/windows-machine-config-operator-bundle:v8.1.2-13" }, { "product_name" : "Red Hat OpenShift Container Platform 4.13", "release_date" : "2024-03-25T00:00:00Z", "advisory" : "RHSA-2024:1477", "cpe" : "cpe:/a:redhat:openshift:4.13::el9", "package" : "openshift4-wincw/windows-machine-config-rhel9-operator:8.1.2-13" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/cephcsi-rhel9:v4.15.0-37" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/mcg-core-rhel9:v4.15.0-68" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/mcg-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/mcg-rhel9-operator:v4.15.0-39" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-client-console-rhel9:v4.15.0-58" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-client-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-client-rhel9-operator:v4.15.0-13" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-metrics-exporter-rhel9:v4.15.0-81" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-rhel9-operator:v4.15.0-79" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-cli-rhel9:v4.15.0-22" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-console-rhel9:v4.15.0-57" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-cosi-sidecar-rhel9:v4.15.0-6" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-csi-addons-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-csi-addons-rhel9-operator:v4.15.0-15" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-csi-addons-sidecar-rhel9:v4.15.0-15" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.15.0-54" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-multicluster-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-multicluster-rhel9-operator:v4.15.0-10" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-must-gather-rhel9:v4.15.0-26" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-rhel9-operator:v4.15.0-19" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odr-cluster-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odr-hub-operator-bundle:v4.15.0-158" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odr-rhel9-operator:v4.15.0-21" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2024-03-19T00:00:00Z", "advisory" : "RHSA-2024:1383", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/rook-ceph-rhel9-operator:v4.15.0-103" }, { "product_name" : "Text-Only JBCS", "release_date" : "2023-12-07T00:00:00Z", "advisory" : "RHSA-2023:7626", "cpe" : "cpe:/a:redhat:jboss_core_services:1", "package" : "libxml2" }, { "product_name" : "Text-Only JBCS", "release_date" : "2024-03-18T00:00:00Z", "advisory" : "RHSA-2024:1317", "cpe" : "cpe:/a:redhat:jboss_core_services:1", "package" : "libxml2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "libxml2", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "libxml2", "cpe" : "cpe:/o:redhat:enterprise_linux:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-39615\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-39615\nhttps://gitlab.gnome.org/GNOME/libxml2/-/issues/535" ], "name" : "CVE-2023-39615", "csaw" : false }