What is the severity of CVE-2023-45322?

The severity of CVE-2023-45322 is currently disputed by the vendor, as they do not consider it critical.

How do I fix CVE-2023-45322?

To fix CVE-2023-45322, it is recommended to update libxml2 to version 2.11.6 or a later version that resolves the vulnerability.

What type of vulnerability is CVE-2023-45322?

CVE-2023-45322 is a use-after-free vulnerability that occurs during specific memory allocation failures.

Which versions of libxml2 are affected by CVE-2023-45322?

Versions of libxml2 up to and including 2.11.5 are affected by CVE-2023-45322.

Can CVE-2023-45322 be exploited remotely?

The details on the remote exploitability of CVE-2023-45322 are limited, and the vendor has not classified it as critical.

Vulnerability/
CVE-2023-45322

medium

6.5

CWE

416

6/10/2023

19/9/2024

CVE-2023-45322: Use-after-free in libxml2 through 2.11.5

First published: Fri Oct 06 2023(Updated: )

** DISPUTED ** libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
libxml2-devel	<=2.11.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-45322?
The severity of CVE-2023-45322 is currently disputed by the vendor, as they do not consider it critical.
How do I fix CVE-2023-45322?
To fix CVE-2023-45322, it is recommended to update libxml2 to version 2.11.6 or a later version that resolves the vulnerability.
What type of vulnerability is CVE-2023-45322?
CVE-2023-45322 is a use-after-free vulnerability that occurs during specific memory allocation failures.
Which versions of libxml2 are affected by CVE-2023-45322?
Versions of libxml2 up to and including 2.11.5 are affected by CVE-2023-45322.
Can CVE-2023-45322 be exploited remotely?
The details on the remote exploitability of CVE-2023-45322 are limited, and the vendor has not classified it as critical.

collector/oss-sec
alias/CVE-2023-45322
agent/type
agent/severity
agent/title
agent/remedy
agent/references
agent/status
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/trending
agent/weakness
agent/tags
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/softwarecombine
status/disputed
vendor/xmlsoft
canonical/libxml2-devel
version/libxml2-devel/2.11.5

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2023-45322: Use-after-free in libxml2 through 2.11.5

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-45322?

How do I fix CVE-2023-45322?

What type of vulnerability is CVE-2023-45322?

Which versions of libxml2 are affected by CVE-2023-45322?

Can CVE-2023-45322 be exploited remotely?

Company

Resources

Contact