CVE-2023-45322

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

Open

LOW (3.8)

T
Tim Bastin detected CVE-2023-45322 with a risk of 3.8
0.8.3
System updated the risk assessment to 1.9
0.8.3
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2023-45322 with a risk of 1.9
0.9.1
System updated the risk assessment from 1.9 to 1.26
0.9.1
System recalculated raw risk assessment
System updated the risk assessment from 1.26 to 3.8
0.9.1
System recalculated raw risk assessment
System updated the risk assessment from 1.9 to 3.8
0.8.3
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2023-45322 with a risk of 3.8
0.10.1
T
Tim Bastin detected CVE-2023-45322 with a risk of 3.8
0.11.1
System fixed CVE-2023-45322
0.10.1
System fixed CVE-2023-45322
0.9.1
System fixed CVE-2023-45322
0.8.3
System fixed CVE-2023-45322
0.11.1
System detected CVE-2023-45322 with a risk of 3.8
0.11.1

Add a comment

Last calculated at:

Affected component

debian/libxml2

Installed version:

2.9.14

Fixed in:

no patch available

Show in dependency graph

🛡️ DevGuard
Group
/🗄️ Devguard Postgresql
Repository

CVE-2023-45322

Add a comment

Affected component

Management decisions across the organization