CVE-2023-45322

Published: 06/10/2023 Updated: 11/04/2024
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

libxml2 up to and including 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

Vulnerable Product

xmlsoft libxml2

Vendor Advisories

Debian Bug report logs - #1053629 libxml2: CVE-2023-45322 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 7 Oct 2023 15:03:06 UTC Severity: important Tags: security, upstream Fo ...
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." (CVE-2023-45322) ...