CVE-2024-34393

EPSS 3.26%
Veröffentlicht 02.05.2024 19:15:06
Zuletzt bearbeitet 25.11.2024 13:15:06
Quelle reefs@jfrog.com
CVE-Watchlists
Login
Unerledigt
Login

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerlibxmljs_project

≫

Produkt libxmljs

Default Statusunknown

Version <= 0.33.0

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.26%	0.867

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
reefs@jfrog.com	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://github.com/marudor/libxmljs2/issues/204

https://research.jfrog.com/vulnerabilities/libxmljs2-attrs-type-confusion-rce-jfsa-2024-001034097/

https://nvd.nist.gov/vuln/detail/CVE-2024-34393

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34393

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34393

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-34393