Bug 2242945 (CVE-2023-45322) - CVE-2023-45322 libxml2: use-after-free in xmlUnlinkNode() in tree.c
Keywords:
Status: NEW
Alias: CVE-2023-45322
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2246567 2246569 2246571 2246572 2246568 2246570
Blocks: 2242947
Reported: 2023-10-09 21:14 UTC by Anten Skrabec
Modified: 2024-03-14 18:52 UTC
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing an XML document using the HTML parser may result in a use-after-free vulnerability.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Anten Skrabec 2023-10-09 21:14:28 UTC
** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

References:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
http://www.openwall.com/lists/oss-security/2023/10/06/5

Comment 6 Guilherme de Almeida Suckevicz 2023-10-27 14:13:52 UTC
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 2246568]


Created mingw-libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 2246569]


Created pcem tracking bugs for this issue:

Affects: fedora-all [bug 2246570]


Created qt5-qtwebengine tracking bugs for this issue:

Affects: epel-all [bug 2246567]
Affects: fedora-all [bug 2246571]


Created qt6-qtwebengine tracking bugs for this issue:

Affects: fedora-all [bug 2246572]

