• <span>Mastering EU Compliance: Open Source Strategies for Sovereignty and Resilience</span>

    Mastering EU Compliance: Open Source Strategies for Sovereignty and Resilience

  • CVE-2017-16932

    OL CVE Issue Summary:

    xmlSnprintfElementContent() in valid.c is supposed to recursively dump the element content definition into a char buffer buf of size size. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then
    (i) the content->prefix is appended to buf (if it actually fits) 
    whereupon: 
    (ii)content->name is written to the buffer 
    However, the check is whether the content->name actually fits also uses len rather than the updated buffer length strlen(buf). This allows writing about "size" many bytes beyond the allocated memory. 

    CVE-2017-16932
    CentOS 7
    libxml2-2.9.1-6_ol009.el7.6
    7.5

  • CVE-2022-23308

    OL CVE Issue Summary:

    xmlSnprintfElementContent() in valid.c is supposed to recursively dump the element content definition into a char buffer buf of size size. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then
    (i) the content->prefix is appended to buf (if it actually fits) 
    whereupon: 
    (ii)content->name is written to the buffer 
    However, the check is whether the content->name actually fits also uses len rather than the updated buffer length strlen(buf). This allows writing about "size" many bytes beyond the allocated memory. 

    CVE-2022-23308
    CentOS 7
    libxml2-2.9.1-6_ol009.el7.6
    7.5

  • Spring Boot LTS

    Keep your Spring applications secure and upgrade on your schedule with LTS for Spring Boot and Spring Framework.

  • Tomcat Long-Term Support

  • CentOS LTS

    Protect your infrastructure and stay compliant with CentOS support from OpenLogic. Extend your CentOS 7 migration runway until 2029 with CentOS LTS.