According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails.
    This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is 'I don't think these issues are     critical enough to warrant a CVE ID ... because an attacker typically can't control when memory     allocations fail.' (CVE-2023-45322)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45322 advisory.

  - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails.
    This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is I don't think these issues are     critical enough to warrant a CVE ID ... because an attacker typically can't control when memory     allocations fail. (CVE-2023-45322)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update of the libxml2 package has been released.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails.
    This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is I don't think these issues are     critical enough to warrant a CVE ID ... because an attacker typically can't control when memory     allocations fail. (CVE-2023-45322)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5949 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5949-1                   security@debian.org     https://www.debian.org/security/                                  Aron Xu     June 26, 2025                         https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : libxml2     CVE ID         : CVE-2022-49043 CVE-2023-39615 CVE-2023-45322 CVE-2024-25062                      CVE-2024-34459 CVE-2024-56171 CVE-2025-24928 CVE-2025-27113                      CVE-2025-32414 CVE-2025-32415     Debian Bug     : 1051230 1053629 1063234 1071162 1094238 1098320 1098321 1098322 1102521 1103511

    Brief introduction


    Multiple memory related vulnerabilities, inlcuding use-after-free,     out-of-bounds memory access and NULL pointer dereference, were discovered in     GNOME XML Parser and Toolkit Library and its Python bindings, which may cause     denial of service or other unintended behaviors.

    For the stable distribution (bookworm), these problems have been fixed in     version 2.9.14+dfsg-1.3~deb12u2.

    We recommend that you upgrade your libxml2 packages.

    For the detailed security status of libxml2 please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libxml2

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
188349	EulerOS 2.0 SP9 : libxml2 (EulerOS-SA-2023-3343)	Nessus	Huawei Local Security Checks	1/16/2024	1/16/2024	medium
188533	EulerOS 2.0 SP10 : libxml2 (EulerOS-SA-2024-1090)	Nessus	Huawei Local Security Checks	1/16/2024	1/16/2024	medium
188348	EulerOS 2.0 SP11 : libxml2 (EulerOS-SA-2023-3250)	Nessus	Huawei Local Security Checks	1/16/2024	1/16/2024	medium
214798	CBL Mariner 2.0 Security Update: libxml2 (CVE-2023-45322)	Nessus	MarinerOS Local Security Checks	1/30/2025	1/30/2025	medium
203646	Photon OS 4.0: Libxml2 PHSA-2023-4.0-0492	Nessus	PhotonOS Local Security Checks	7/23/2024	7/23/2024	medium
260357	Linux Distros Unpatched Vulnerability : CVE-2023-45322	Nessus	Misc.	9/2/2025	9/30/2025	medium
204628	Photon OS 3.0: Libxml2 PHSA-2023-3.0-0671	Nessus	PhotonOS Local Security Checks	7/24/2024	7/24/2024	medium
240559	Debian dsa-5949 : libxml2 - security update	Nessus	Debian Local Security Checks	6/26/2025	6/26/2025	high
504380	Siemens SIMATIC S7-1500 Use After Free (CVE-2023-45322)	Tenable OT Security	Tenable.ot	11/13/2025	11/13/2025	medium

Detections

Analytics

Plugins Search

medium

medium

medium

medium

medium

medium

medium

high

medium