ALT Linux Team

Package libxslt update in sisyphus_riscv64 on 2022-10-01

ALT-PU-2022-6336-1

Package libxslt updated to version 1.1.37-alt1 for branch sisyphus_riscv64.

Closed vulnerabilities

Published: 2022-03-08

BDU:2022-03033

Уязвимость компонентов buf.c и tree.c библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.1) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
References:
Published: 2022-05-03
Modified: 2024-11-21

CVE-2022-29824

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top