Cyber Resilience

CVE-2023-29469

Medium

Published: 24 April 2023

Published: 24 April 2023
Modified: 04 February 2025
KEV Added: (none)
Patch: (none listed)
CVSS Score v3.1: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS Score: 0.0022 (44.7th percentile)
Risk Priority: 13 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2023-29469 is a medium-severity Double Free (CWE-415) vulnerability in xmlsoft libxml2. Its CVSS base score is 6.5 (Medium).

Operationally, its EPSS score places it at the 44.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

- xmlsoft libxml2, versions ≤ 2.10.4
- Debian Linux 10.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References