Vulnerability CVE-2022-23308: Information

Description

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-23308
Published: Feb. 26, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-416

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libxml2sisyphus2.9.14-alt12.12.7-alt1ALT-PU-2022-1807-1299383Fixed
libxml2sisyphus_e2k2.9.14-alt12.12.7-alt1ALT-PU-2022-4870-1-Fixed
libxml2sisyphus_riscv642.9.14-alt12.12.7-alt1ALT-PU-2022-4858-1-Fixed
libxml2p102.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-1172-1314068Fixed
libxml2p10_e2k2.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-2426-1-Fixed
libxml2c10f12.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-1172-1314068Fixed
libxml2c9f22.9.12-alt1.c9f2.12.9.12-alt1.c9f2.1ALT-PU-2022-3377-1311279Fixed
libxml2p112.9.14-alt12.12.7-alt1ALT-PU-2022-1807-1299383Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
  • Release Notes
  • Third Party Advisory
https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
  • Patch
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0008/
  • Third Party Advisory
[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update
  • Mailing List
  • Third Party Advisory
https://support.apple.com/kb/HT213253
  • Third Party Advisory
https://support.apple.com/kb/HT213255
  • Third Party Advisory
https://support.apple.com/kb/HT213256
  • Third Party Advisory
https://support.apple.com/kb/HT213257
  • Third Party Advisory
https://support.apple.com/kb/HT213258
  • Third Party Advisory
https://support.apple.com/kb/HT213254
  • Third Party Advisory
20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
  • Mailing List
  • Third Party Advisory
20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
  • Mailing List
  • Third Party Advisory
20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
  • Mailing List
  • Third Party Advisory
20220516 APPLE-SA-2022-05-16-6 tvOS 15.5
  • Mailing List
  • Third Party Advisory
20220516 APPLE-SA-2022-05-16-5 watchOS 8.6
  • Mailing List
  • Third Party Advisory
20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
  • Mailing List
  • Third Party Advisory
N/A
  • Patch
  • Third Party Advisory
GLSA-202210-03
  • Third Party Advisory
FEDORA-2022-050c712ed7

      1. Configuration 1

        cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
        End excliding
        2.9.13

        Configuration 2

        cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

        Configuration 4

        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*
        cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
        Start including
        10.15.0
        End excliding
        10.15.7
        cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*
        cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
        End excliding
        15.5
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
        End excliding
        8.6
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
        End excliding
        15.5
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
        End excliding
        15.5
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        Start including
        12.0
        End excliding
        12.4
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        Start including
        11.6.0
        End excliding
        11.6.6

        Configuration 5

        cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
        cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
        cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
        cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*

        Configuration 6

        cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

        Configuration 7

        cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

        Configuration 8

        cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

        Configuration 9

        cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

        Configuration 10

        cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

        Configuration 11

        cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

        Configuration 12

        cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

        Configuration 13

        cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

        Configuration 14

        cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

        Configuration 15

        cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*
        cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
        End including
        8.0.29
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.3
    Back to top