Vulnerability Details : CVE-2023-29469
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Vulnerability category: Memory Corruption
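A simplified model of the flaw described above, added here as an example; it is not libxml2's code and not part of the original entry. The function names, the seed value 7 and the buffer are hypothetical and constructed for illustration. It shows the same empty string hashing to different values depending on the byte that follows it, and a length guard removing that dependence.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified model of a length-delimited "fast key" hash.
 * Written for this example; it is not the code in libxml2's dict.c. */

/* Flawed form: mixes in name[0] even when len == 0. */
unsigned long fast_key_flawed(const unsigned char *name, int len,
                              unsigned long seed) {
    unsigned long value = seed;
    if (name == NULL) return 0;
    value += name[0];              /* read happens regardless of len */
    value <<= 5;
    for (int i = 1; i < len; i++) value += name[i];
    return value;
}

/* Guarded form: an empty name contributes no bytes to the hash. */
unsigned long fast_key_fixed(const unsigned char *name, int len,
                             unsigned long seed) {
    unsigned long value = seed;
    if (name == NULL || len <= 0) return value;
    value += name[0];
    value <<= 5;
    for (int i = 1; i < len; i++) value += name[i];
    return value;
}

/* Constructed input: names are (pointer, length) slices of one buffer and
 * are not NUL-terminated, so an empty slice is followed by arbitrary bytes. */
static const unsigned char BUF[] = "a:b";

/* 1 if the same empty string hashes differently at two offsets. */
int empty_differs_flawed(void) {
    return fast_key_flawed(BUF, 0, 7) != fast_key_flawed(BUF + 1, 0, 7);
}
int empty_differs_fixed(void) {
    return fast_key_fixed(BUF, 0, 7) != fast_key_fixed(BUF + 1, 0, 7);
}

int main(void) {
    printf("flawed: empty keys differ = %d\n", empty_differs_flawed());
    printf("fixed:  empty keys differ = %d\n", empty_differs_fixed());
    return 0;
}
```

A hash table keyed on the flawed value can treat two occurrences of the empty string as different entries, which is the kind of logic error the description refers to.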
Products affected by CVE-2023-29469
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-29469
- EPSS score: 0.13% (probability of exploitation activity in the next 30 days)
- Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-29469
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST | |
CWE ids for CVE-2023-29469
- The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-29469
- https://security.netapp.com/advisory/ntap-20230601-0006/
  April 2023 Libxml2 Vulnerabilities in NetApp Products | NetApp Product Security
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
  libxml2 2.10.4 · GNOME / libxml2 · GitLab (Release Notes)
- https://lists.debian.org/debian-lts-announce/2023/04/msg00031.html
  [SECURITY] [DLA 3405-1] libxml2 security update (Mailing List; Third Party Advisory)
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/510
  [CVE-2023-29469] Hashing of empty dict strings isn't deterministic (#510) · Issues · GNOME / libxml2 · GitLab (Issue Tracking; Vendor Advisory)