CVE-2023-45322

Name
CVE-2023-45322
Description
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
NVD Severity
medium

References

Type  | URI
MISC  | https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
MISC  | https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
MLIST | http://www.openwall.com/lists/oss-security/2023/10/06/5

Match rules

CPE URI                                          | Source package | Min version | Max version
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*        | libxml2        | >= None     | <= 2.11.5

Vulnerable and fixed packages

Source package | Branch    | Version   | Maintainer                                    | Status
libxml2        | 3.17-main | 2.10.4-r0 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable
libxml2        | 3.16-main | 2.9.14-r2 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable
libxml2        | 3.15-main | 2.9.14-r2 | Carlo Landmeter <clandmeter@alpinelinux.org> | possibly vulnerable