oss-sec mailing list archives

CVE-2023-45322: Use-after-free in libxml2 through 2.11.5


From: Alan Coopersmith <alan.coopersmith () oracle com>
Date: Fri, 6 Oct 2023 15:04:27 -0700

https://www.cve.org/CVERecord?id=CVE-2023-45322 was published today.  It reports:

> libxml2 through 2.11.5 has a use-after-free that can only occur after a
> certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c.
> NOTE: the vendor's position is "I don't think these issues are critical
> enough to warrant a CVE ID ... because an attacker typically can't control
> when memory allocations fail."

The reproducer is attached to the upstream bug report at:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
and is run via
"./libxml2/xmllint --copy --html --maxmem 315229 input.xml"

The fix is in the git master branch, but not yet any release:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris
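The reproducer above relies on xmllint's --maxmem switch: it caps the parser's memory so that a specific allocation fails, which drives code into an error path that is never reached under normal conditions. The following C program is an added example, not libxml2's code and not the attached reproducer; it shows the same defensive testing idea on a constructed doubly linked sibling list. A budgeted allocator (assumed, stand-in for --maxmem) is stepped through every budget from zero up to what a full copy needs, so each allocation-failure point in the copy routine is exercised, and the harness checks that every failure leaves no leak and no reference to freed memory.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed budgeted allocator (stand-in for xmllint --maxmem): once the
 * byte budget is exhausted, allocations fail instead of succeeding. */
static size_t mem_budget = (size_t)-1;   /* bytes still permitted */
static long   live_allocs = 0;           /* outstanding allocations, for leak checks */

static void *budget_malloc(size_t n) {
    if (n > mem_budget) return NULL;     /* simulated allocation failure */
    void *p = malloc(n);
    if (p) { mem_budget -= n; live_allocs++; }
    return p;
}
static void budget_free(void *p) { if (p) { free(p); live_allocs--; } }

/* Minimal doubly linked node, in the spirit of a sibling list in a document tree. */
typedef struct node { struct node *prev, *next; char *name; } node;

static node *node_new(const char *name) {
    node *n = budget_malloc(sizeof *n);
    if (!n) return NULL;
    n->prev = n->next = NULL;
    n->name = budget_malloc(strlen(name) + 1);
    if (!n->name) { budget_free(n); return NULL; }   /* undo partial construction */
    strcpy(n->name, name);
    return n;
}

/* Detach n from its siblings; safe on an already-detached node. */
static void node_unlink(node *n) {
    if (n->prev) n->prev->next = n->next;
    if (n->next) n->next->prev = n->prev;
    n->prev = n->next = NULL;
}

static void node_free(node *n) { if (n) { budget_free(n->name); budget_free(n); } }

/* Unlink before free, and read ->next before the node is gone. */
static void list_free(node *head) {
    while (head) { node *nx = head->next; node_unlink(head); node_free(head); head = nx; }
}

/* Copy a sibling list. On any allocation failure, release the partial copy and
 * return NULL; neither head nor tail is touched after list_free runs. */
static node *list_copy(const node *src) {
    node *head = NULL, *tail = NULL;
    for (; src; src = src->next) {
        node *c = node_new(src->name);
        if (!c) { list_free(head); return NULL; }
        if (tail) { tail->next = c; c->prev = tail; } else head = c;
        tail = c;
    }
    return head;
}

static size_t list_len(const node *n) { size_t k = 0; for (; n; n = n->next) k++; return k; }

/* Fault-injection harness: run list_copy under every budget from 0 up to the
 * bytes a full copy needs, so each allocation failure point is hit once.
 * Returns the number of budgets at which the copy leaked, miscounted or
 * succeeded when it should not have (0 means every error path is clean). */
int fault_inject_copy(void) {
    const char *names[] = {"html", "head", "body"};
    node *src = NULL, *tail = NULL;
    size_t need = 0;
    mem_budget = (size_t)-1;
    for (int i = 0; i < 3; i++) {
        node *n = node_new(names[i]);
        if (!n) return -1;                       /* cannot happen with no budget cap */
        if (tail) { tail->next = n; n->prev = tail; } else src = n;
        tail = n;
        need += sizeof(node) + strlen(names[i]) + 1;
    }
    long base = live_allocs;
    int bad = 0, ok = 0;
    for (size_t b = 0; b <= need; b++) {
        mem_budget = b;
        node *copy = list_copy(src);
        if (copy) { ok++; if (list_len(copy) != 3) bad++; list_free(copy); }
        if (live_allocs != base) bad++;           /* leak or double free on this path */
    }
    if (ok != 1) bad++;                          /* only the full budget may succeed */
    mem_budget = (size_t)-1;
    list_free(src);
    return bad;
}

int main(void) {
    printf("budgets with broken error paths: %d\n", fault_inject_copy());
    return 0;
}
```

The budget loop is the point: a copy routine that looks correct in normal runs only proves its cleanup path when each allocation is forced to fail in turn, which is exactly what a --maxmem style reproducer does against the real parser.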
