exploitDog

CVE-2023-45322

Published: 06 Oct 2023
Source: debian

Description

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

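Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libxml2 | fixed | 2.12.3+dfsg-0exp1 | experimental | package |
| libxml2 | fixed | 2.12.7+dfsg+really2.9.14-1 | | package |
| libxml2 | no-dsa | | bookworm | package |
| libxml2 | postponed | | buster | package |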

Notes

  • https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

  • Originally fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9 (v2.12.0)

  • Introduced regression (and thus commit reverted temporarily upstream): https://gitlab.gnome.org/GNOME/libxml2/-/issues/634

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/30d7660ba87c8487b26582ccc050f4d2880ccb3c (v2.12.2)

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8707838e69f9c6e729c1d1d46bb3681d9e622be5 (v2.13.0)

  • https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

  • http://www.openwall.com/lists/oss-security/2023/10/06/5

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 1 year ago

** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

CVSS3: 5.9
redhat
almost 2 years ago

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

CVSS3: 6.5
nvd
more than 1 year ago

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

CVSS3: 6.5
msrc
5 months ago

No description available

suse-cvrf
more than 1 year ago

Security update for libxml2