CVE-2023-45322

Published: Oct 6, 2023

Modified: Nov 3, 2025

PUBLISHED

Description

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.gnome.org/GNOME/libxml2/-/issues/583

https://gitlab.gnome.org/GNOME/libxml2/-/issues/344

[oss-security] 20231006 CVE-2023-45322: Use-after-free in libxml2 through 2.11.5

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-45322

Description

Affected Products

References