CVE-2023-29469
Summary
| CVE | CVE-2023-29469 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2023-04-24 21:15:00 UTC |
|---|
| Updated | 2023-06-01 14:15:00 UTC |
|---|
| Description | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| libxml2 2.10.4 · GNOME / libxml2 · GitLab |
MISC |
gitlab.gnome.org |
|
| [SECURITY] [DLA 3405-1] libxml2 security update |
MLIST |
lists.debian.org |
|
| [CVE-2023-29469] Hashing of empty dict strings isn't deterministic (#510) · Issues · GNOME / libxml2 · GitLab |
MISC |
gitlab.gnome.org |
|
| April 2023 Libxml2 Vulnerabilities in NetApp Products | NetApp Product Security |
CONFIRM |
security.netapp.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160833 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2023-4349)
- 160854 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2023-4529)
- 181745 Debian Security Update for libxml2 (DSA 5391-1)
- 181756 Debian Security Update for libxml2 (DLA 3405-1)
- 184130 Debian Security Update for libxml2 (CVE-2023-29469)
- 199299 Ubuntu Security Notification for libxml2 Vulnerabilities (USN-6028-1)
- 199399 Ubuntu Security Notification for libxml2 Vulnerabilities (USN-6028-2)
- 241894 Red Hat Update for libxml2 (RHSA-2023:4349)
- 241937 Red Hat Update for libxml2 (RHSA-2023:4529)
- 242753 Red Hat Update for libxml2 (RHSA-2024:0413)
- 283897 Fedora Security Update for libxml2 (FEDORA-2023-dae7cc20ac)
- 284181 Fedora Security Update for libxml2 (FEDORA-2023-a521b917c8)
- 296101 Oracle Solaris 11.4 Support Repository Update (SRU) 59.138.2 Missing (CPUJUL2023)
- 330144 IBM AIX Denial of Service (DoS) Vulnerability in libxml2 (libxml2_advisory5)
- 354918 Amazon Linux Security Advisory for libxml2 : ALAS2-2023-2021
- 354929 Amazon Linux Security Advisory for libxml2 : ALAS-2023-1743
- 355233 Amazon Linux Security Advisory for libxml2 : ALAS2023-2023-163
- 378891 Alibaba Cloud Linux Security Update for libxml2 (ALINUX3-SA-2023:0111)
- 502742 Alpine Linux Security Update for libxml2
- 502997 Alpine Linux Security Update for qt5-qtwebengine
- 503239 Alpine Linux Security Update for qt5-qtwebengine
- 506196 Alpine Linux Security Update for qt5-qtwebengine
- 673079 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2194)
- 673196 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2316)
- 673204 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2336)
- 673245 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2360)
- 673257 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2386)
- 673478 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2696)
- 673540 EulerOS Security Update for libxml2 (EulerOS-SA-2023-2654)
- 691148 Free Berkeley Software Distribution (FreeBSD) Security Update for libxml2 (0bd7f07b-dc22-11ed-bf28-589cfc0f81b0)
- 691171 Free Berkeley Software Distribution (FreeBSD) Security Update for electron (b09d77d0-b27c-48ae-b69b-9641bb68b39e)
- 710860 Gentoo Linux libxml2 Multiple Vulnerabilities (GLSA 202402-11)
- 753947 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2023:2048-1)
- 753949 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2023:2054-1)
- 754861 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2023:3665-1)
- 907093 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (26282-1)
- 941200 AlmaLinux Security Update for libxml2 (ALSA-2023:4349)
- 941217 AlmaLinux Security Update for libxml2 (ALSA-2023:4529)
- 961030 Rocky Linux Security Update for libxml2 (RLSA-2023:4529)
