Updated: 2023-11-04 20:50:54.602
Description:
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
Links: NIST, CIRCL, RHEL, Ubuntu

CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | | 0 |
CVSS Version 3.x | MEDIUM | 6.5 |

OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | libxml2 | 2.9.13 | 6.5 | MEDIUM | Ignored | | 2023-11-08 04:07:55 |
CentOS 6 ELS | libxml2 | 2.7.6 | 6.5 | MEDIUM | Ignored | | 2023-04-20 11:04:44 |
CentOS 7 ELS | libxml2 | 2.9.1 | 6.5 | MEDIUM | Ignored | | 2023-09-19 09:30:21 |
CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 6.5 | MEDIUM | Released | CLSA-2024:1717692967 | 2024-06-06 14:35:40 |
CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 6.5 | MEDIUM | Released | CLSA-2024:1717691762 | 2024-06-06 14:35:41 |
CloudLinux 6 ELS | libxml2 | 2.7.6 | 6.5 | MEDIUM | Ignored | | 2023-04-20 11:04:44 |
Oracle Linux 6 ELS | libxml2 | 2.7.6 | 6.5 | MEDIUM | Ignored | | 2023-04-20 11:04:44 |
Ubuntu 16.04 ELS | libxml2 | 2.9.3 | 6.5 | MEDIUM | Released | CLSA-2023:1682593947 | 2023-04-27 08:49:56 |
Ubuntu 18.04 ELS | libxml2 | 2.9.4 | 6.5 | MEDIUM | Already Fixed | | 2023-06-22 14:05:45 |