oss-sec mailing list archives
CVE-2023-45322: Use-after-free in libxml2 through 2.11.5
From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Fri, 6 Oct 2023 15:04:27 -0700
https://www.cve.org/CVERecord?id=CVE-2023-45322 was published today. It reports:

> libxml2 through 2.11.5 has a use-after-free that can only occur after a
> certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c.
> NOTE: the vendor's position is "I don't think these issues are critical
> enough to warrant a CVE ID ... because an attacker typically can't control
> when memory allocations fail."

The reproducer is attached to the upstream bug report at:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
and is run via "./libxml2/xmllint --copy --html --maxmem 315229 input.xml"

The fix is in the git master branch, but not yet any release:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9

--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris