CVE-2023-45322

CVE-2023-45322

Name

CVE-2023-45322

Description

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
MISC	https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
mailing-list	http://www.openwall.com/lists/oss-security/2023/10/06/5
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html

Type

URI

MISC

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

MISC

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

mailing-list

http://www.openwall.com/lists/oss-security/2023/10/06/5

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libxml2	edge-main	2.11.5-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.18-main	2.11.4-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable
libxml2	3.17-main	2.10.4-r0	Carlo Landmeter <clandmeter@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

libxml2

edge-main

2.11.5-r0

Carlo Landmeter <clandmeter@alpinelinux.org>

possibly vulnerable

libxml2

3.18-main