An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the ‘\0’ value).

References

gitlab.gnome.org/GNOME/libxml2/-/issues/510

gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4

lists.debian.org/debian-lts-announce/2023/04/msg00031.html

security.netapp.com/advisory/ntap-20230601-0006/

ibm 12

redhatcve 1

freebsd 2

f5 1

ubuntucve 1

alpinelinux 1

osv 8

prion 1

nessus 51

cbl_mariner 1

nvd 1

debiancve 1

cve 1

veracode 1

oraclelinux 2

rosalinux 2

openvas 29

github 1

fedora 2

redos 1

redhat 46

rocky 1

debian 2

almalinux 2

cloudfoundry 1

ubuntu 2

aix 1

amazon 2

photon 3

mageia 1

slackware 1

gentoo 1

ics 4

apple 2

tenable 1

oracle 3

ibm

Security Bulletin: CVE-2023-29469 may affect IBM CICS TX Advanced 10.1

2023-06-08 18:25:41

Security Bulletin: GNOME libxml2 vulnerability affects IBM Safer Payments (CVE-2023-29469)

2023-07-28 13:39:38

Security Bulletin: Vulnerabilities in libxml2 library (CVE-2023-28484, CVE-2023-29469) affect Power HMC.

2024-04-16 17:05:35

redhatcve

CVE-2023-29469

2023-04-11 19:29:50

freebsd

electron -- vulnerability

2023-05-17 00:00:00

libxml2 -- multiple vulnerabilities

2023-04-11 00:00:00

K000139592: libxml2 vulnerability CVE-2023-29469

2024-05-13 00:00:00

ubuntucve

CVE-2023-29469

2023-04-12 00:00:00

alpinelinux

CVE-2023-29469

2023-04-24 21:15:09

osv

CVE-2023-29469

2023-04-24 21:15:09

libxml2 vulnerabilities

2023-04-19 13:42:53

libxml2 - security update

2023-04-30 00:00:00

prion

Double free

2023-04-24 21:15:00

nessus

FreeBSD : electron -- vulnerability (b09d77d0-b27c-48ae-b69b-9641bb68b39e)

2023-05-18 00:00:00

F5 Networks BIG-IP : libxml2 vulnerability (K000139592)

2024-05-14 00:00:00

Fedora 38 : libxml2 (2023-a521b917c8)

2023-04-18 00:00:00

cbl_mariner

CVE-2023-29469 affecting package libxml2 for versions less than 2.10.4-1

2023-08-03 02:51:21

nvd

CVE-2023-29469

2023-04-24 21:15:09

debiancve

CVE-2023-29469

2023-04-24 21:15:09

cve

CVE-2023-29469

2023-04-24 21:15:09

veracode

Double Free

2023-04-20 04:30:38

oraclelinux

libxml2 security update

2023-08-02 00:00:00

libxml2 security update

2023-08-10 00:00:00

rosalinux

Advisory ROSA-SA-2024-2321

2024-01-09 09:53:22

Advisory ROSA-SA-2023-2319

2023-12-26 12:04:20

openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2504)

2023-08-01 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2527)

2023-08-01 00:00:00

Debian: Security Advisory (DLA-3405-1)

2023-05-02 00:00:00

github

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

2023-04-11 21:48:01

fedora

[SECURITY] Fedora 38 Update: libxml2-2.10.4-1.fc38

2023-04-18 01:40:06

[SECURITY] Fedora 37 Update: libxml2-2.10.4-1.fc37

2023-04-18 01:32:12

redos

ROS-20230616-04

2023-06-16 00:00:00

redhat

(RHSA-2023:4529) Moderate: libxml2 security update

2023-08-08 07:21:37

(RHSA-2023:4349) Moderate: libxml2 security update

2023-08-01 07:58:11

(RHSA-2024:0413) Moderate: libxml2 security update

2024-01-24 14:40:23

rocky

libxml2 security update

2023-10-06 23:10:01

debian

[SECURITY] [DSA 5391-1] libxml2 security update

2023-04-20 20:45:49

[SECURITY] [DLA 3405-1] libxml2 security update

2023-04-30 11:00:47

almalinux

Moderate: libxml2 security update

2023-08-01 00:00:00

Moderate: libxml2 security update

2023-08-08 00:00:00

cloudfoundry

USN-6028-1: libxml2 vulnerabilities | Cloud Foundry

2023-04-29 00:00:00

ubuntu

libxml2 vulnerabilities

2023-04-19 00:00:00

libxml2 vulnerabilities

2023-06-07 00:00:00

aix

AIX is vulnerable to a denial of service due to libxml2

2023-07-25 11:08:32

amazon

Medium: libxml2

2023-04-27 18:36:00

Medium: libxml2

2023-04-27 16:19:00

photon

Moderate Photon OS Security Update - PHSA-2023-3.0-0569

2023-04-23 00:00:00

Moderate Photon OS Security Update - PHSA-2023-5.0-0001

2023-05-02 00:00:00

Critical Photon OS Security Update - PHSA-2023-4.0-0380

2023-04-25 00:00:00

mageia

Updated libxml2 packages fix security vulnerability

2023-05-06 21:19:07

slackware

[slackware-security] libxml2

2023-12-10 01:15:09

gentoo

libxml2: Multiple Vulnerabilities

2024-02-09 00:00:00

ics

Siemens SIMATIC and SIPLUS

2024-06-13 12:00:00

Siemens ST7 ScadaConnect

2024-06-13 12:00:00

Siemens Telecontrol Server Basic

2024-04-11 12:00:00

apple

About the security content of iOS 16.5 and iPadOS 16.5

2023-05-18 00:00:00

About the security content of macOS Ventura 13.4

2023-05-18 00:00:00

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

oracle

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

46.6%

JSON

Related for CVELIST:CVE-2023-29469