Unrated severity · NVD Advisory · Published Oct 6, 2023 · Updated Nov 3, 2025
CVE-2023-45322
Description
libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
Affected products (45)
- libxml2/libxml2 (description)
- osv-coords, 43 versions:
- pkg:apk/chainguard/libxml2 (no CPE), range: < 2.11.5-r1
- pkg:apk/chainguard/libxml2-16 (no CPE), range: < 2.11.5-r1
- pkg:apk/chainguard/libxml2-dev (no CPE), range: < 2.11.5-r1
- pkg:apk/chainguard/libxml2-doc (no CPE), range: < 2.11.5-r1
- pkg:apk/chainguard/libxml2-py3 (no CPE), range: < 2.11.5-r1
- pkg:apk/chainguard/libxml2-utils (no CPE), range: < 2.11.5-r1
- pkg:apk/wolfi/libxml2 (no CPE), range: < 2.11.5-r1
- pkg:apk/wolfi/libxml2-16 (no CPE), range: < 2.11.5-r1
- pkg:apk/wolfi/libxml2-dev (no CPE), range: < 2.11.5-r1
- pkg:apk/wolfi/libxml2-doc (no CPE), range: < 2.11.5-r1
- pkg:apk/wolfi/libxml2-py3 (no CPE), range: < 2.11.5-r1
- pkg:apk/wolfi/libxml2-utils (no CPE), range: < 2.11.5-r1
- pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 2.10.3-150500.5.11.1
- pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%20Micro%205.3 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/opensuse/libxml2&distro=openSUSE%20Leap%20Micro%205.4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.11.5-2.1
- pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 2.10.3-150500.5.11.1
- pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%20Micro%205.3 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/opensuse/libxml2-python&distro=openSUSE%20Leap%20Micro%205.4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.4 (no CPE), range: < 2.9.7-150000.3.63.1
- pkg:rpm/opensuse/python-libxml2-python&distro=openSUSE%20Leap%2015.5 (no CPE), range: < 2.9.7-150000.3.63.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE), range: < 2.9.7-150000.3.63.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 2.9.7-150000.3.63.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 2.10.3-150500.5.11.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE), range: < 2.10.3-150500.5.11.1
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.9.4-46.68.2
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.9.4-46.68.2
- pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 2.9.4-46.68.2
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 2.10.3-150500.5.11.1
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE), range: < 2.10.3-150500.5.11.1
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP4 (no CPE), range: < 2.9.14-150400.5.25.1
- pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5 (no CPE), range: < 2.10.3-150500.5.11.1
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 2.9.4-46.68.2
- pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 2.9.4-46.68.2
- pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE), range: < 2.9.7-150000.3.63.1
References (3)
News mentions (1)
- GitLab Critical Security Release: 16.8.1, 16.7.4, 16.6.6, 16.5.8 (GitLab Security Releases · Jan 25, 2024)