CVE-2023-29469
See a problem?- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-29469
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29469.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-29469
- Related
- Published
- 2023-04-24T21:15:09Z
- Modified
- 2024-09-11T04:57:59.994156Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
- References
-
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
- https://security.netapp.com/advisory/ntap-20230601-0006/
- https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- https://security.alpinelinux.org/vuln/CVE-2023-29469
- https://security-tracker.debian.org/tracker/CVE-2023-29469
Affected packages
Alpine:v3.17 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:apk/alpine/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.4-r0
Affected versions
2.*
2.7.2-r0
2.7.3-r0
2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.8-r0
2.7.8-r1
2.7.8-r2
2.7.8-r4
2.7.8-r5
2.7.8-r6
2.7.8-r7
2.7.8-r8
2.8.0-r0
2.8.0-r1
2.9.0-r0
2.9.0-r1
2.9.0-r2
2.9.0-r3
2.9.1-r0
2.9.1-r1
2.9.1-r2
2.9.2-r0
2.9.2-r1
2.9.2-r2
2.9.3-r0
2.9.4-r0
2.9.4-r1
2.9.4-r2
2.9.4-r3
2.9.4-r4
2.9.5-r0
2.9.6-r0
2.9.6-r2
2.9.7-r0
2.9.7-r1
2.9.8-r0
2.9.8-r1
2.9.8-r2
2.9.9-r0
2.9.9-r1
2.9.9-r2
2.9.9-r3
2.9.10-r0
2.9.10-r1
2.9.10-r2
2.9.10-r3
2.9.10-r4
2.9.10-r5
2.9.10-r6
2.9.10-r7
2.9.12-r0
2.9.12-r1
2.9.12-r2
2.9.12-r3
2.9.13-r0
2.9.14-r0
2.9.14-r1
2.10.0-r0
2.10.1-r0
2.10.2-r0
2.10.2-r1
2.10.3-r0
2.10.3-r1
Alpine:v3.18 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:apk/alpine/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.4-r0
Affected versions
2.*
2.7.2-r0
2.7.3-r0
2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.8-r0
2.7.8-r1
2.7.8-r2
2.7.8-r4
2.7.8-r5
2.7.8-r6
2.7.8-r7
2.7.8-r8
2.8.0-r0
2.8.0-r1
2.9.0-r0
2.9.0-r1
2.9.0-r2
2.9.0-r3
2.9.1-r0
2.9.1-r1
2.9.1-r2
2.9.2-r0
2.9.2-r1
2.9.2-r2
2.9.3-r0
2.9.4-r0
2.9.4-r1
2.9.4-r2
2.9.4-r3
2.9.4-r4
2.9.5-r0
2.9.6-r0
2.9.6-r2
2.9.7-r0
2.9.7-r1
2.9.8-r0
2.9.8-r1
2.9.8-r2
2.9.9-r0
2.9.9-r1
2.9.9-r2
2.9.9-r3
2.9.10-r0
2.9.10-r1
2.9.10-r2
2.9.10-r3
2.9.10-r4
2.9.10-r5
2.9.10-r6
2.9.10-r7
2.9.12-r0
2.9.12-r1
2.9.12-r2
2.9.12-r3
2.9.13-r0
2.9.14-r0
2.9.14-r1
2.10.0-r0
2.10.1-r0
2.10.2-r0
2.10.2-r1
2.10.3-r0
2.10.3-r1
2.10.3-r2
Alpine:v3.19 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:apk/alpine/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.4-r0
Affected versions
2.*
2.7.2-r0
2.7.3-r0
2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.8-r0
2.7.8-r1
2.7.8-r2
2.7.8-r4
2.7.8-r5
2.7.8-r6
2.7.8-r7
2.7.8-r8
2.8.0-r0
2.8.0-r1
2.9.0-r0
2.9.0-r1
2.9.0-r2
2.9.0-r3
2.9.1-r0
2.9.1-r1
2.9.1-r2
2.9.2-r0
2.9.2-r1
2.9.2-r2
2.9.3-r0
2.9.4-r0
2.9.4-r1
2.9.4-r2
2.9.4-r3
2.9.4-r4
2.9.5-r0
2.9.6-r0
2.9.6-r2
2.9.7-r0
2.9.7-r1
2.9.8-r0
2.9.8-r1
2.9.8-r2
2.9.9-r0
2.9.9-r1
2.9.9-r2
2.9.9-r3
2.9.10-r0
2.9.10-r1
2.9.10-r2
2.9.10-r3
2.9.10-r4
2.9.10-r5
2.9.10-r6
2.9.10-r7
2.9.12-r0
2.9.12-r1
2.9.12-r2
2.9.12-r3
2.9.13-r0
2.9.14-r0
2.9.14-r1
2.10.0-r0
2.10.1-r0
2.10.2-r0
2.10.2-r1
2.10.3-r0
2.10.3-r1
2.10.3-r2
Alpine:v3.20 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:apk/alpine/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.4-r0
Affected versions
2.*
2.7.2-r0
2.7.3-r0
2.7.6-r0
2.7.6-r1
2.7.6-r2
2.7.6-r3
2.7.7-r0
2.7.7-r1
2.7.7-r2
2.7.7-r3
2.7.7-r4
2.7.8-r0
2.7.8-r1
2.7.8-r2
2.7.8-r4
2.7.8-r5
2.7.8-r6
2.7.8-r7
2.7.8-r8
2.8.0-r0
2.8.0-r1
2.9.0-r0
2.9.0-r1
2.9.0-r2
2.9.0-r3
2.9.1-r0
2.9.1-r1
2.9.1-r2
2.9.2-r0
2.9.2-r1
2.9.2-r2
2.9.3-r0
2.9.4-r0
2.9.4-r1
2.9.4-r2
2.9.4-r3
2.9.4-r4
2.9.5-r0
2.9.6-r0
2.9.6-r2
2.9.7-r0
2.9.7-r1
2.9.8-r0
2.9.8-r1
2.9.8-r2
2.9.9-r0
2.9.9-r1
2.9.9-r2
2.9.9-r3
2.9.10-r0
2.9.10-r1
2.9.10-r2
2.9.10-r3
2.9.10-r4
2.9.10-r5
2.9.10-r6
2.9.10-r7
2.9.12-r0
2.9.12-r1
2.9.12-r2
2.9.12-r3
2.9.13-r0
2.9.14-r0
2.9.14-r1
2.10.0-r0
2.10.1-r0
2.10.2-r0
2.10.2-r1
2.10.3-r0
2.10.3-r1
2.10.3-r2
Debian:11 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.9.10+dfsg-6.7+deb11u4
Debian:12 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source
Debian:13 / libxml2
Package
- Name
- libxml2
- Purl
- pkg:deb/debian/libxml2?arch=source