Bug 2242945 (CVE-2023-45322)

Summary: CVE-2023-45322 libxml2: use-after-free in xmlUnlinkNode() in tree.c
Product: [Other] Security Response
Reporter: Anten Skrabec <askrabec>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: low
Priority: low
Version: unspecified
CC: adudiak, agarcial, aoconnor, asegurap, bdettelb, caswilli, csutherl, dhalasz, dkuc, fjansen, gsuckevi, hkataria, jburrell, jclere, jmitchel, jsamir, jsherril, jtanner, kaycoth, kshier, luizcosta, mturk, nweather, peholase, pjindal, plodge, psegedy, stcannon, sthirugn, szappis, tcarlin, tkasparek, tpopela, vkrizan, vmugicag, yguenane
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Doc Text:
A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing an XML document using the HTML parser may result in a use-after-free vulnerability.
Bug Depends On: 2246567, 2246568, 2246569, 2246570, 2246571, 2246572    
Bug Blocks: 2242947    

Description Anten Skrabec 2023-10-09 21:14:28 UTC
** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

References:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
http://www.openwall.com/lists/oss-security/2023/10/06/5

Comment 6 Guilherme de Almeida Suckevicz 2023-10-27 14:13:52 UTC
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 2246568]


Created mingw-libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 2246569]


Created pcem tracking bugs for this issue:

Affects: fedora-all [bug 2246570]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2246567]
Affects: fedora-all [bug 2246571]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2246572]