CLSA-2023-1696537106
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2023-1696537106.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2023-1696537106
- Upstream
- Published
- 2023-10-05T20:18:30Z
- Modified
- 2026-06-01T00:33:17.279774160Z
- Summary
- libxml2: Fix of 5 CVEs
- Details
-
- CVE-2021-3517: fix flaw in the xml entity encoding
- CVE-2021-3518: fix dangling pointers in entity reference nodes
- CVE-2022-23308: fix use-after-free of ID and IDREF attributes
- CVE-2022-40303: fix integer counters overflow when parsing a multi-gigabyte XML
- CVE-2022-40304: fix double free as a result of an invalid XML entity
- fix testapi.c to avoid false positive test errors
- fix a parser and fix a null pointer dereference
- References
Affected packages
TuxCare:CentOS:7 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:rpm/tuxcare/libxml2?distro=centos-7
TuxCare:CentOS:7 / libxml2-devel
Package
- Name
- libxml2-devel
- Purl
- pkg:rpm/tuxcare/libxml2-devel?distro=centos-7
TuxCare:CentOS:7 / libxml2-python
Package
- Name
- libxml2-python
- Purl
- pkg:rpm/tuxcare/libxml2-python?distro=centos-7