CVE-2023-39615

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 29, 2023

Updated: Aug 2, 2024

CWE ID 119

Summary

CVE-2023-39615 is a newly discovered vulnerability affecting version 2.11.0 of Libxml2 in Xmlsoft. This issue stems from an out-of-bounds read vulnerability located in the xmlSAX2StartElement() function, found at /libxml2/SAX2.c. An attacker can exploit this weakness by providing a specially crafted XML file, leading to a Denial of Service (DoS) condition. Despite the vendor's statement that the product does not support the legacy SAX1 interface with custom callbacks, the vulnerability results in a crash even when no crafted input is present.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sP3E84
https://www.cve.org/CVERecord?id=CVE-2023-39615
https://nvd.nist.gov/vuln/detail/CVE-2023-39615

Back to Vulnerability Database

CVE-2023-39615

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations