UBUNTU-CVE-2023-29469

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-29469

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-29469.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-29469

Upstream

CVE-2023-29469

Downstream

USN-6028-1

Related

USN-6028-1
USN-6028-2

Published

2023-04-12T00:00:00Z

Modified

2025-09-08T16:56:14Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).

References

Affected packages

Ubuntu:Pro:14.04:LTS / libxml2

Package

Name: libxml2
Purl: pkg:deb/ubuntu/libxml2@2.9.1+dfsg1-3ubuntu4.13+esm5?arch=source&distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.1+dfsg1-3ubuntu4.13+esm5

Affected versions

2.*

2.9.1+dfsg1-3ubuntu2

2.9.1+dfsg1-3ubuntu3

2.9.1+dfsg1-3ubuntu4

2.9.1+dfsg1-3ubuntu4.1

2.9.1+dfsg1-3ubuntu4.2

2.9.1+dfsg1-3ubuntu4.3

2.9.1+dfsg1-3ubuntu4.4

2.9.1+dfsg1-3ubuntu4.5

2.9.1+dfsg1-3ubuntu4.6

2.9.1+dfsg1-3ubuntu4.7

2.9.1+dfsg1-3ubuntu4.8

2.9.1+dfsg1-3ubuntu4.9

2.9.1+dfsg1-3ubuntu4.10

2.9.1+dfsg1-3ubuntu4.11

2.9.1+dfsg1-3ubuntu4.12

2.9.1+dfsg1-3ubuntu4.13

2.9.1+dfsg1-3ubuntu4.13+esm1

2.9.1+dfsg1-3ubuntu4.13+esm2

2.9.1+dfsg1-3ubuntu4.13+esm3

2.9.1+dfsg1-3ubuntu4.13+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libxml2",
            "binary_version": "2.9.1+dfsg1-3ubuntu4.13+esm5"
        },
        {
            "binary_name": "libxml2-dev",
            "binary_version": "2.9.1+dfsg1-3ubuntu4.13+esm5"
        },
        {
            "binary_name": "libxml2-utils",
            "binary_version": "2.9.1+dfsg1-3ubuntu4.13+esm5"
        },
        {
            "binary_name": "python-libxml2",
            "binary_version": "2.9.1+dfsg1-3ubuntu4.13+esm5"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / libxml2

Package

Name: libxml2
Purl: pkg:deb/ubuntu/libxml2@2.9.3+dfsg1-1ubuntu0.7+esm5?arch=source&distro=esm-infra/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.3+dfsg1-1ubuntu0.7+esm5

Affected versions

2.*

2.9.2+zdfsg1-4

2.9.2+zdfsg1-4ubuntu1

2.9.2+zdfsg1-4ubuntu2

2.9.2+zdfsg1-4ubuntu3

2.9.3+dfsg1-1

2.9.3+dfsg1-1ubuntu0.1

2.9.3+dfsg1-1ubuntu0.2

2.9.3+dfsg1-1ubuntu0.3

2.9.3+dfsg1-1ubuntu0.4

2.9.3+dfsg1-1ubuntu0.5

2.9.3+dfsg1-1ubuntu0.6

2.9.3+dfsg1-1ubuntu0.7

2.9.3+dfsg1-1ubuntu0.7+esm1

2.9.3+dfsg1-1ubuntu0.7+esm2

2.9.3+dfsg1-1ubuntu0.7+esm3

2.9.3+dfsg1-1ubuntu0.7+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libxml2",
            "binary_version": "2.9.3+dfsg1-1ubuntu0.7+esm5"
        },
        {
            "binary_name": "libxml2-dev",
            "binary_version": "2.9.3+dfsg1-1ubuntu0.7+esm5"
        },
        {
            "binary_name": "libxml2-utils",
            "binary_version": "2.9.3+dfsg1-1ubuntu0.7+esm5"
        },
        {
            "binary_name": "python-libxml2",
            "binary_version": "2.9.3+dfsg1-1ubuntu0.7+esm5"
        }
    ]
}

Ubuntu:18.04:LTS / libxml2

Package

Name: libxml2
Purl: pkg:deb/ubuntu/libxml2@2.9.4+dfsg1-6.1ubuntu1.9?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.4+dfsg1-6.1ubuntu1.9

Affected versions

2.*

2.9.4+dfsg1-4ubuntu1

2.9.4+dfsg1-5ubuntu1

2.9.4+dfsg1-5ubuntu2

2.9.4+dfsg1-5.1ubuntu1

2.9.4+dfsg1-5.2ubuntu1

2.9.4+dfsg1-6.1ubuntu1

2.9.4+dfsg1-6.1ubuntu1.2

2.9.4+dfsg1-6.1ubuntu1.3

2.9.4+dfsg1-6.1ubuntu1.4

2.9.4+dfsg1-6.1ubuntu1.5

2.9.4+dfsg1-6.1ubuntu1.6

2.9.4+dfsg1-6.1ubuntu1.7

2.9.4+dfsg1-6.1ubuntu1.8

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libxml2",
            "binary_version": "2.9.4+dfsg1-6.1ubuntu1.9"
        },
        {
            "binary_name": "libxml2-dev",
            "binary_version": "2.9.4+dfsg1-6.1ubuntu1.9"
        },
        {
            "binary_name": "libxml2-utils",
            "binary_version": "2.9.4+dfsg1-6.1ubuntu1.9"
        },
        {
            "binary_name": "python-libxml2",
            "binary_version": "2.9.4+dfsg1-6.1ubuntu1.9"
        },
        {
            "binary_name": "python3-libxml2",
            "binary_version": "2.9.4+dfsg1-6.1ubuntu1.9"
        }
    ]
}

Ubuntu:20.04:LTS / libxml2

Package

Name: libxml2
Purl: pkg:deb/ubuntu/libxml2@2.9.10+dfsg-5ubuntu0.20.04.6?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-5ubuntu0.20.04.6

Affected versions

2.*

2.9.4+dfsg1-7ubuntu3

2.9.4+dfsg1-7ubuntu5

2.9.4+dfsg1-8ubuntu1

2.9.4+dfsg1-8ubuntu2

2.9.4+dfsg1-8ubuntu3

2.9.10+dfsg-1ubuntu3

2.9.10+dfsg-4build1

2.9.10+dfsg-5

2.9.10+dfsg-5ubuntu0.20.04.1

2.9.10+dfsg-5ubuntu0.20.04.2

2.9.10+dfsg-5ubuntu0.20.04.3

2.9.10+dfsg-5ubuntu0.20.04.4

2.9.10+dfsg-5ubuntu0.20.04.5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libxml2",
            "binary_version": "2.9.10+dfsg-5ubuntu0.20.04.6"
        },
        {
            "binary_name": "libxml2-dev",
            "binary_version": "2.9.10+dfsg-5ubuntu0.20.04.6"
        },
        {
            "binary_name": "libxml2-utils",
            "binary_version": "2.9.10+dfsg-5ubuntu0.20.04.6"
        },
        {
            "binary_name": "python-libxml2",
            "binary_version": "2.9.10+dfsg-5ubuntu0.20.04.6"
        },
        {
            "binary_name": "python3-libxml2",
            "binary_version": "2.9.10+dfsg-5ubuntu0.20.04.6"
        }
    ]
}

Ubuntu:22.04:LTS / libxml2

Package

Name: libxml2
Purl: pkg:deb/ubuntu/libxml2@2.9.13+dfsg-1ubuntu0.3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.13+dfsg-1ubuntu0.3

Affected versions

2.*

2.9.12+dfsg-4

2.9.12+dfsg-5

2.9.12+dfsg-6

2.9.13+dfsg-1

2.9.13+dfsg-1build1

2.9.13+dfsg-1ubuntu0.1

2.9.13+dfsg-1ubuntu0.2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libxml2",
            "binary_version": "2.9.13+dfsg-1ubuntu0.3"
        },
        {
            "binary_name": "libxml2-dev",
            "binary_version": "2.9.13+dfsg-1ubuntu0.3"
        },
        {
            "binary_name": "libxml2-utils",
            "binary_version": "2.9.13+dfsg-1ubuntu0.3"
        },
        {
            "binary_name": "python3-libxml2",
            "binary_version": "2.9.13+dfsg-1ubuntu0.3"
        }
    ]
}