Risk Scores
CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Azure Linux:2 | libxml2 | 0, 0 |
Timeline
- Apr 24, 2023 CVE Published
- Apr 21, 2026 CVE Updated
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).
| Vendor | Product | Versions |
|---|---|---|
| Azure Linux:2 | libxml2 | 0, 0 |