CVE-2023-45322

CWE-416 Use After Free | 7 documents | 7 sources
Severity
6.5 MEDIUM
EPSS
0.1%
top 77.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 6
Latest update: Oct 10

Description

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

Debian | libxml2 | < 2.9.10+dfsg-6.7+deb11u6+3
NVD | xmlsoft/libxml2 | 2.11.5

Patches

🔴Vulnerability Details (3)
GHSA
GHSA-vqpg-m25j-7558: ** DISPUTED ** libxml2 through 2... | 2023-10-07
CVEList
CVE-2023-45322: libxml2 through 2... | 2023-10-06
OSV
CVE-2023-45322: libxml2 through 2... | 2023-10-06

📋Vendor Advisories (3)
Microsoft
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these iss... | 2023-10-10
Red Hat
libxml2: use-after-free in xmlUnlinkNode() in tree.c | 2023-08-23
Debian
CVE-2023-45322: libxml2 - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain ... | 2023
CVE-2023-45322 (MEDIUM CVSS 6.5) | libxml2 through 2.11.5 has a use-af | cvebase.io