Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-29469

Опубликовано: 24 апр. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.5

Описание

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

РелизСтатусПримечание
bionic

released

2.9.4+dfsg1-6.1ubuntu1.9
devel

not-affected

2.9.14+dfsg-1.2
esm-infra-legacy/trusty

not-affected

2.9.1+dfsg1-3ubuntu4.13+esm5
esm-infra/bionic

not-affected

2.9.4+dfsg1-6.1ubuntu1.9
esm-infra/focal

not-affected

2.9.10+dfsg-5ubuntu0.20.04.6
esm-infra/xenial

released

2.9.3+dfsg1-1ubuntu0.7+esm5
focal

released

2.9.10+dfsg-5ubuntu0.20.04.6
jammy

released

2.9.13+dfsg-1ubuntu0.3
kinetic

released

2.9.14+dfsg-1ubuntu0.2
lunar

released

2.9.14+dfsg-1.1ubuntu0.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 17%
0.00054
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-29469

CVSS3: 5.9
redhat
около 2 лет назад

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

nvd логотип

CVE-2023-29469

CVSS3: 6.5
nvd
около 2 лет назад

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

msrc логотип

CVE-2023-29469

CVSS3: 6.5
msrc
около 2 лет назад

Описание отсутствует

debian логотип

CVE-2023-29469

CVSS3: 6.5
debian
около 2 лет назад

An issue was discovered in libxml2 before 2.10.4. When hashing empty d ...

github логотип

GHSA-7jv7-hr35-fwjr

CVSS3: 6.5
github
около 2 лет назад

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

EPSS

Процентиль: 17%
0.00054
Низкий

6.5 Medium

CVSS3