CVE-2022-23308 Information

Jun 07, 2022 cve

Description

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/ https://security.netapp.com/advisory/ntap-20220331-0008/ https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html https://support.apple.com/kb/HT213253 https://support.apple.com/kb/HT213255 https://support.apple.com/kb/HT213256 https://support.apple.com/kb/HT213257 https://support.apple.com/kb/HT213258 https://support.apple.com/kb/HT213254 http://seclists.org/fulldisclosure/2022/May/33 http://seclists.org/fulldisclosure/2022/May/35 http://seclists.org/fulldisclosure/2022/May/34 http://seclists.org/fulldisclosure/2022/May/37 http://seclists.org/fulldisclosure/2022/May/36 http://seclists.org/fulldisclosure/2022/May/38

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5

Share on: