CVE-2023-29469
Published: 2023-04-24
Priority: P429 · medium · CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 1.01% (58.9th percentile)
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.5_and_ipados | — | — |
| apple | macos_ventura | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.14+dfsg-1.2 (bookworm) | libxml2 2.9.14+dfsg-1.2 (bookworm) |
| msrc | cbl2_libxml2_2.10.4-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| nokogiri | nokogiri | >= 0 < 1.14.3 | 1.14.3 |
| xmlsoft | libxml2 | < 2.10.4 | 2.10.4 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-6.7+deb11u4 | 2.9.10+dfsg-6.7+deb11u4 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.2 | 2.9.14+dfsg-1.2 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.2 | 2.9.14+dfsg-1.2 |
| xmlsoft | libxml2 | >= 0 < 2.9.14+dfsg-1.2 | 2.9.14+dfsg-1.2 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-6.1ubuntu1.9 | 2.9.4+dfsg1-6.1ubuntu1.9 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-5ubuntu0.20.04.6 | 2.9.10+dfsg-5ubuntu0.20.04.6 |
| xmlsoft | libxml2 | >= 0 < 2.9.13+dfsg-1ubuntu0.3 | 2.9.13+dfsg-1ubuntu0.3 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.13+esm5 | 2.9.1+dfsg1-3ubuntu4.13+esm5 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1ubuntu0.7+esm5 | 2.9.3+dfsg1-1ubuntu0.7+esm5 |
CVSS provenance
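| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| ghsa | 6.5 | MEDIUM | — |
| osv | 6.5 | MEDIUM | — |
| vendor_ubuntu | 7.5 | HIGH | — |
| vendor_debian | 6.5 | MEDIUM | — |
| vendor_msrc | 6.5 | MEDIUM | — |
| vendor_redhat | 6.5 | MEDIUM | — |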
CISA ICS
Siemens SCALANCE W700
cisa_ics·2025-02-13
ICS Advisory
## Siemens SCALANCE W700
Release Date: February 13, 2025
Alert Code: ICSA-25-044-09
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE W700
- Vulnerabilities: Double Free, Improper Restriction of Communication Channel to Intended Endpoints, Improper Resource Sh
CISA ICS
Siemens SIMATIC and SIPLUS
cisa_ics·2024-06-13
ICS Advisory
## Siemens SIMATIC and SIPLUS
Release Date: June 13, 2024
Alert Code: ICSA-24-165-10
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SIMATIC, SIPLUS
- Vulnerabilities: Inadequate Encryption Strength, Improper Restriction of Operations within the Bounds of a Memory Bu
CISA ICS
Siemens ST7 ScadaConnect
cisa_ics·2024-06-13·CVSS 7.5
[HIGH] Siemens ST7 ScadaConnect
ICS Advisory
## Siemens ST7 ScadaConnect
Release Date: June 13, 2024
Alert Code: ICSA-24-165-04
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.2
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: ST7 ScadaConnect
- Vulnerabilities: Integer Overflow or Wraparound, Double Free, Improper Certificate Validation, Inefficient Regular Ex
CISA ICS
Siemens Telecontrol Server Basic
cisa_ics·2024-04-11
ICS Advisory
## Siemens Telecontrol Server Basic
Release Date: April 11, 2024
Alert Code: ICSA-24-102-08
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Telecontrol Server Basic
- Vulnerabilities: Inadequate Encryption Strength, Double Free, Integer Overflow or Wraparound, External Control of File Name or Path, Path Traversal, Improper Input Validation, Missing Encry
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2023-06-07·CVSS 7.5
CVE-2022-2309 [HIGH] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
USN-6028-1 fixed vulnerabilities in libxml2. This update provides the
corresponding updates for Ubuntu 23.04.
Original advisory details:
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2022-2309)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2023-28484)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-29469)
Instructions: In general, a standard system update will make all the necessary changes.
Apple
CVE-2023-29469: macOS Ventura 13.4
vendor_apple·2023-05-18·CVSS 6.5
CVE-2023-29469 [MEDIUM] CVE-2023-29469: macOS Ventura 13.4
Apple Security Update: About the security content of macOS Ventura 13.4
Product: macOS Ventura
Version: 13.4
CVE: CVE-2023-29469
Component: LaunchServices
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
Apple
CVE-2023-29469: iOS 16.5 and iPadOS 16.5
vendor_apple·2023-05-18·CVSS 6.5
CVE-2023-29469 [MEDIUM] CVE-2023-29469: iOS 16.5 and iPadOS 16.5
Apple Security Update: About the security content of iOS 16.5 and iPadOS 16.5
Product: iOS 16.5 and iPadOS
Version: 16.5
CVE: CVE-2023-29469
Component: LaunchServices
Impact: An app may bypass Gatekeeper checks
Description: A logic issue was addressed with improved checks.
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2023-04-19·CVSS 6.5
CVE-2023-29469 [MEDIUM] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2023-28484)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-29469)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libxml2: Hashing of empty dict strings isn't deterministic
vendor_redhat·2023-04-11·CVSS 6.5
CVE-2023-29469 [MEDIUM] CWE-20 libxml2: Hashing of empty dict strings isn't deterministic
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
A flaw was found in libxml2. When hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.
Package: rubygem-nokogiri (CloudForms Management Engine 5) - Not affected
Package: nokogiri (Red Hat 3s
Microsoft
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document xmlDictComputeFastKey in dict.c can produce non-deterministic values leading to various logi
vendor_msrc·2023-04-11·CVSS 6.5
CVE-2023-29469 [MEDIUM] CWE-415 An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document xmlDictComputeFastKey in dict.c can produce non-deterministic values leading to various logi
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document xmlDictComputeFastKey in dict.c can produce non-deterministic values leading to various logic and memory errors such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string and any value is possible (not solely the '\0' value).
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to trans
Debian
CVE-2023-29469: libxml2 - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict string...
vendor_debian·2023·CVSS 6.5
CVE-2023-29469 [MEDIUM] CVE-2023-29469: libxml2 - An issue was discovered in libxml2 before 2.10.4. When hashing empty dict string...
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Scope: local
bookworm: resolved (fixed in 2.9.14+dfsg-1.2)
bullseye: resolved (fixed in 2.9.10+dfsg-6.7+deb11u4)
forky: resolved (fixed in 2.9.14+dfsg-1.2)
sid: resolved (fixed in 2.9.14+dfsg-1.2)
trixie: resolved (fixed in 2.9.14+dfsg-1.2)
GHSA
GHSA-7jv7-hr35-fwjr: An issue was discovered in libxml2 before 2
ghsa_unreviewed·2023-04-24
CVE-2023-29469 [MEDIUM] CWE-415 GHSA-7jv7-hr35-fwjr: An issue was discovered in libxml2 before 2
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
OSV
CVE-2023-29469: An issue was discovered in libxml2 before 2
osv·2023-04-24·CVSS 6.5
CVE-2023-29469 [MEDIUM] CVE-2023-29469: An issue was discovered in libxml2 before 2
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
OSV
libxml2 vulnerabilities
osv·2023-04-19·CVSS 6.5
CVE-2023-28484 [MEDIUM] libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. (CVE-2023-28484)
It was discovered that libxml2 incorrectly handled certain XML files.
An attacker could possibly use this issue to cause a crash.
(CVE-2023-29469)
OSV
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
osv·2023-04-11·CVSS 6.5
CVE-2023-29469 [MEDIUM] Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
### Summary
Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.
libxml2 v2.10.4 addresses the following known vulnerabilities:
- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType
- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
Please note that this advisory only applies to the CRuby implementation of Nokogiri `= 1.14.3`.
Users who are unable to upgrade Nokogiri may also choose a more comp
GHSA
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
ghsa·2023-04-11·CVSS 6.5
CVE-2023-29469 [MEDIUM] Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
### Summary
Nokogiri v1.14.3 upgrades the packaged version of its dependency libxml2 to [v2.10.4](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4) from v2.10.3.
libxml2 v2.10.4 addresses the following known vulnerabilities:
- [CVE-2023-29469](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29469): Hashing of empty dict strings isn't deterministic
- [CVE-2023-28484](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28484): Fix null deref in xmlSchemaFixupComplexType
- Schemas: Fix null-pointer-deref in xmlSchemaCheckCOSSTDerivedOK
Please note that this advisory only applies to the CRuby implementation of Nokogiri `= 1.14.3`.
Users who are unable to upgrade Nokogiri may also choose a more comp
No detection rules found.
No public exploits indexed.
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
- https://security.netapp.com/advisory/ntap-20230601-0006/
Published: 2023-04-24