Message-ID: <27cb8fce-75c8-47bb-9dbc-87dbe14a6109@oracle.com>
Date: Fri, 6 Oct 2023 15:04:27 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2023-45322: Use-after-free in libxml2 through 2.11.5

https://www.cve.org/CVERecord?id=CVE-2023-45322 was published today.  It reports:

 > libxml2 through 2.11.5 has a use-after-free that can only occur after a
 > certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c.
 > NOTE: the vendor's position is "I don't think these issues are critical
 > enough to warrant a CVE ID ... because an attacker typically can't control
 > when memory allocations fail."

The reproducer is attached to the upstream bug report at:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
and is run via
"./libxml2/xmllint --copy --html --maxmem 315229 input.xml"

The fix is in the git master branch, but not yet in any release:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/d39f78069dff496ec865c73aa44d7110e429bce9

-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris
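
Added example, not part of the original message and not libxml2 code: a byte-budget allocator, simplified from the idea behind xmllint's --maxmem option used by the reproducer, swept so that each allocation in a tree copy fails once and the cleanup path is exercised. All names (lim_malloc, copy_list, sweep) and the sample tree are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
/* All names are hypothetical; this is not libxml2 code. */
static size_t budget;  /* bytes left before allocations fail (not refunded) */
static long live;      /* outstanding allocations, to catch leaks */

static void *lim_malloc(size_t n) {
    if (n > budget) return NULL;             /* injected failure */
    void *p = malloc(n);
    if (p) { budget -= n; live++; }
    return p;
}
static void lim_free(void *p) { if (p) { live--; free(p); } }
typedef struct node { struct node *child, *next; int value; } node;
static void free_tree(node *n) {
    while (n) { node *nx = n->next; free_tree(n->child); lim_free(n); n = nx; }
}

/* Copy a sibling list and its subtrees. On failure the partial copy is
   freed exactly once and NULL is returned, so no dangling link survives. */
static node *copy_list(const node *src, int *err) {
    node *head = NULL, **tail = &head;
    for (; src && !*err; src = src->next) {
        node *c = lim_malloc(sizeof *c);
        if (!c) { *err = 1; break; }
        c->value = src->value; c->child = c->next = NULL;
        *tail = c; tail = &c->next;          /* link first so cleanup sees it */
        c->child = copy_list(src->child, err);
    }
    if (*err) { free_tree(head); head = NULL; }
    return head;
}

/* Constructed sample: root with children a, b; a has child c.
   Returns the number of budgets at which the copy failed, -1 on a leak. */
static int sweep(void) {
    static node t[4];
    t[0].child = &t[1]; t[1].child = &t[3]; t[1].next = &t[2];
    int failures = 0;
    for (size_t b = 0; b <= 4 * sizeof(node); b += sizeof(node)) {
        int err = 0;
        budget = b; live = 0;
        node *copy = copy_list(&t[0], &err);
        failures += err;
        free_tree(copy);
        if (live != 0) return -1;            /* an error path leaked */
    }
    return failures;
}
int main(void) { printf("failing budgets: %d\n", sweep()); return 0; }
```

Build with -fsanitize=address so that a use-after-free or double free on any failing run is reported instead of passing silently.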
