An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

    An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error     messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in     xmllint.c.(CVE-2024-34459)

Tenable has extracted the preceding description block directly from the EulerOS libxml2 security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the libxml2 package has been released.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2290-1 advisory.

    - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:2288-1 advisory.

    - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2267-1 advisory.

    - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-4862425658 advisory.

    Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-9ffc6cc7bf advisory.

    Update to 2.12.7 (RHBZ#2280535, CVE-2024-34459)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-08e01e9f2f advisory.

    Update to 2.12.7

    Fix CVE-2024-34459.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of libxml2 installed on the remote host is prior to 2.11.8 / 2.12.7. It is, therefore, affected by a vulnerability as referenced in the SSA:2024-134-01 advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
205244	EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2024-2105)	Nessus	Huawei Local Security Checks	high
205232	EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2024-2088)	Nessus	Huawei Local Security Checks	high
204489	Photon OS 5.0: Libxml2 PHSA-2024-5.0-0304	Nessus	PhotonOS Local Security Checks	high
203565	Photon OS 4.0: Libxml2 PHSA-2024-4.0-0640	Nessus	PhotonOS Local Security Checks	high
201879	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libxml2 (SUSE-SU-2024:2290-1)	Nessus	SuSE Local Security Checks	low
201873	SUSE SLES12 Security Update : libxml2 (SUSE-SU-2024:2288-1)	Nessus	SuSE Local Security Checks	low
201318	openSUSE 15 Security Update : libxml2 (SUSE-SU-2024:2267-1)	Nessus	SuSE Local Security Checks	low
197915	Fedora 39 : mingw-libxml2 (2024-4862425658)	Nessus	Fedora Local Security Checks	high
197912	Fedora 40 : mingw-libxml2 (2024-9ffc6cc7bf)	Nessus	Fedora Local Security Checks	high
197711	Fedora 40 : libxml2 (2024-08e01e9f2f)	Nessus	Fedora Local Security Checks	high
196908	Slackware Linux 15.0 / current libxml2 Vulnerability (SSA:2024-134-01)	Nessus	Slackware Local Security Checks	medium

Detections

Analytics

CVE-2024-34459

high

Tenable Plugins

high

high

high

high

low

low

low

high

high

high

medium