CVE-2023-45322
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
** EN DISPUTA ** libxml2 hasta 2.11.5 tiene un use-after-free que solo puede ocurrir después de que falla una determinada asignación de memoria. Esto ocurre en xmlUnlinkNode en tree.c. NOTA: la posición del proveedor es "No creo que estos problemas sean lo suficientemente críticos como para justificar un ID CVE... porque un atacante normalmente no puede controlar cuándo fallan las asignaciones de memoria".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-06 CVE Reserved
- 2023-10-06 CVE Published
- 2024-09-19 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2023/10/06/5 | 2024-05-17 | |
| https://gitlab.gnome.org/GNOME/libxml2/-/issues/344 | 2024-05-17 | |
| https://gitlab.gnome.org/GNOME/libxml2/-/issues/583 | 2024-05-17 |
| URL | Date | SRC |
|---|