Double Free
CVE-2023-29469
Summary
An issue was discovered in libxml2 in versions prior to 2.10.4. When hashing empty dict strings in a crafted XML document, "xmlDictComputeFastKey" in "dict.c" can produce non-deterministic values, leading to various logic and memory errors, such as a Double Free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- NONE
- HIGH
CWE-415 - Double Free
The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
References
Advisory Timeline
- Published