{
  "threat_severity" : "Critical",
  "public_date" : "2024-12-23T00:00:00Z",
  "bugzilla" : {
    "description" : "libxml2: XXE vulnerability",
    "id" : "2333871",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2333871"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-611",
  "details" : [ "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible.", "A flaw was found in libxml2. In the affected versions of libxml2, the SAX parser can generate events for external entities, even if custom SAX handlers try to override entity content by setting the \"checked\" member. This vulnerability allows classic XML External Entity (XXE) attacks." ],
  "statement" : "This vulnerability is marked as critical severity instead of important due to its potential to completely compromise system security. By exploiting the XXE vulnerability, an attacker can achieve arbitrary file disclosure (e.g., reading `/etc/passwd`), which exposes sensitive system information and credentials. \nIn worst-case scenarios, the flaw can lead to Remote Code Execution (RCE) in misconfigured environments or cause a Denial of Service (DoS) through resource exhaustion. The issue is especially critical because it stems from a broken protection mechanism (due to the renaming of the \"checked\" member), silently leaving downstream applications vulnerable without their knowledge.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2025-05-13T00:00:00Z",
    "advisory" : "RHBA-2025:6597",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.0",
    "package" : "libxml2-0:2.12.5-5.el10_0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat JBoss Core Services",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-40896\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-40896\nhttps://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6\nhttps://gitlab.gnome.org/GNOME/libxml2/-/issues/761" ],
  "name" : "CVE-2024-40896",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}