Vulnerabilities > CVE-2023-28484 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
xmlsoft
debian
CWE-476
NVD
Published: 2023-04-24
Updated: 2024-02-01

Summary

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

Vulnerable Configurations

Part Description Count
Application
Xmlsoft
180
OS
Debian
1

Common Weakness Enumeration (CWE)

References