CVE Record: CVE-2023-45322

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

Product Status

Information not provided

References 3 Total

Updated: 2024-08-02

This container includes required additional information provided by the CVE Program for this vulnerability.

References 3 Total

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
external site
x_transferred
https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
external site
x_transferred
openwall.com: [oss-security] 20231006 CVE-2023-45322: Use-after-free in libxml2 through 2.11.5
external site
mailing-listx_transferred

Authorized Data Publishers