CVE-2023-29469

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
xmlsoftlibxml2
𝑥
< 2.10.4
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libxml2
bullseye
2.9.10+dfsg-6.7+deb11u4
fixed
bullseye (security)
2.9.10+dfsg-6.7+deb11u5
fixed
bookworm
2.9.14+dfsg-1.3~deb12u1
fixed
sid
2.12.7+dfsg+really2.9.14-0.2
fixed
trixie
2.12.7+dfsg+really2.9.14-0.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libxml2
lunar
Fixed 2.9.14+dfsg-1.1ubuntu0.1
released
kinetic
Fixed 2.9.14+dfsg-1ubuntu0.2
released
jammy
Fixed 2.9.13+dfsg-1ubuntu0.3
released
focal
Fixed 2.9.10+dfsg-5ubuntu0.20.04.6
released
bionic
Fixed 2.9.4+dfsg1-6.1ubuntu1.9
released
xenial
Fixed 2.9.3+dfsg1-1ubuntu0.7+esm5
released
trusty
Fixed 2.9.1+dfsg1-3ubuntu4.13+esm5
released
Common Weakness Enumeration
References
https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
https://security.netapp.com/advisory/ntap-20230601-0006/
https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
https://security.netapp.com/advisory/ntap-20230601-0006/