CVE-2023-45322: Use-after-free in libxml2 through 2.11.5

Open Source Security 

Posted by Alan Coopersmith on Oct 06

https://www.cve.org/CVERecord?id=CVE-2023-45322 was published today. It reports:

> libxml2 through 2.11.5 has a use-after-free that can only occur after a
> certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c.
> NOTE: the vendor’s position is “I don’t think these issues are critical
> enough to warrant a CVE ID … because an attacker typically can’t control
> when memory allocations…