CVE-2024-34392

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published May 2, 2024

Updated: Aug 1, 2024

CWE ID 843

Summary

CVE-2024-34392 is a newly disclosed vulnerability affecting the libxmljs library. This issue arises when processing a maliciously crafted XML file. During the parsing process, a type confusion vulnerability is triggered when invoking the namespaces() function on a descendant node that references an entity. Consequences of this vulnerability can range from denial of service attacks to potentially more severe remote code execution. Users are advised to update their libxmljs installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vugHx3
https://www.cve.org/CVERecord?id=CVE-2024-34392
https://nvd.nist.gov/vuln/detail/CVE-2024-34392

Back to Vulnerability Database

CVE-2024-34392

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations