suse · CVE-2023-28484

Quick triage

Priority: medium Published: 2023-04-13 23:15:11 UTC Updated: 2026-03-05 03:44:46 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2023-28484 severity moderate: SUSE including 362 source package names (0.23.0.3.2.423:libxml2-2-2.9.7-150000.3.57.1, 1.10.1.16.4.5.392:libxml2-2-2.9.7-150000.3.57.1, …), 775 product×package rows across 242 product lines (Container bci/bci-init, Container bci/dotnet-aspnet, … (242 product lines)): Fixed 589, Known Affected 147, Known Not Affected 39.

Description:

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.

cvelogic Threat Intelligence