CVE-2024-40896

CVSS V2 None CVSS V3 None

Description

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible.

Overview

CVE ID
CVE-2024-40896

Assigner
mitre

Vulnerability Status
PUBLISHED

Published Version
2024-12-23T00:00:00

Last Modified Date
2024-12-24T02:11:06.747Z

Weakness Enumerations

CWE	URL
CWE-611	http://cwe.mitre.org/data/definitions/611.html

References

Reference URL	Reference Tags
https://gitlab.gnome.org/GNOME/libxml2/-/issues/761
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-40896
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-40896

History

Created	Old Value	New Value	Data Type	Notes
2024-12-24 13:07:18				Added to TrackCVE