Description

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Related CPE's

a

xmlsoft

libxml2

Vulnerable

o

fedoraproject

fedora

34

Vulnerable

o

debian

debian_linux

9.0

Vulnerable

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

apple

mac_os_x

13

o

apple

macos

2

o

apple

tvos

Vulnerable

o

apple

watchos

Vulnerable

a

netapp

active_iq_unified_manager

-

*

*

*

*

vmware_vsphere

Vulnerable

a

netapp

clustered_data_ontap

-

Vulnerable

a

netapp

clustered_data_ontap_antivirus_connector

-

Vulnerable

a

netapp

manageability_software_development_kit

-

Vulnerable

a

netapp

ontap_select_deploy_administration_utility

-

Vulnerable

a

netapp

smi-s_provider

-

Vulnerable

a

netapp

snapdrive

-

*

*

*

*

unix

Vulnerable

a

netapp

snapmanager

-

*

*

*

*

oracle

Vulnerable

a

netapp

solidfire\,_enterprise_sds_\&_hci_storage_node

-

Vulnerable

a

netapp

solidfire_\&_hci_management_node

-

Vulnerable

h

netapp

hci_compute_node

-

o

netapp

bootstrap_os

-

Vulnerable

h

netapp

h300s

-

o

netapp

h300s_firmware

-

Vulnerable

h

netapp

h500s

-

o

netapp

h500s_firmware

-

Vulnerable

h

netapp

h700s

-

o

netapp

h700s_firmware

-

Vulnerable

h

netapp

h300e

-

o

netapp

h300e_firmware

-

Vulnerable

o

netapp

h500e_firmware

-

Vulnerable

h

netapp

h500e

-

o

netapp

h700e_firmware

-

Vulnerable

h

netapp

h700e

-

o

netapp

h410s_firmware

-

Vulnerable

h

netapp

h410s

-

o

netapp

h410c_firmware

-

Vulnerable

h

netapp

h410c

-

a

oracle

communications_cloud_native_core_binding_support_function

22.2.0

Vulnerable

a

oracle

communications_cloud_native_core_network_function_cloud_native_environment

22.1.0

Vulnerable

a

oracle

communications_cloud_native_core_network_repository_function

2

a

oracle

communications_cloud_native_core_network_slice_selection_function

22.1.1

Vulnerable

a

oracle

communications_cloud_native_core_unified_data_repository

22.2.0

Vulnerable

a

oracle

mysql_workbench

Vulnerable

a

oracle

zfs_storage_appliance_kit

8.8

Vulnerable

References

http://seclists.org/fulldisclosure/2022/May/33

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/34

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/35

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/36

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/37

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/May/38

Mailing ListThird Party Advisory

https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/

https://security.gentoo.org/glsa/202210-03

Third Party Advisory

https://security.netapp.com/advisory/ntap-20220331-0008/

Third Party Advisory

https://support.apple.com/kb/HT213253

Third Party Advisory

https://support.apple.com/kb/HT213254

Third Party Advisory

https://support.apple.com/kb/HT213255

Third Party Advisory

https://support.apple.com/kb/HT213256

Third Party Advisory

https://support.apple.com/kb/HT213257

Third Party Advisory

https://support.apple.com/kb/HT213258

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

PatchThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-416

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-02-26T05:15:08.280

3 years ago

Last modified

2023-11-07T03:44:08.253

2 years ago