7.5

CVE-2022-23308

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version < 2.9.13
FedoraprojectFedora Version34
DebianDebian Linux Version9.0
AppleiPadOS Version < 15.5
AppleiPhone OS Version < 15.5
ApplemacOS X Version >= 10.15.0 < 10.15.7
ApplemacOS X Version10.15.7
ApplemacOS X Version10.15.7 Updatesecurity_update_2020-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-002
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-003
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-004
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-005
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-006
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-007
ApplemacOS X Version10.15.7 Updatesecurity_update_2021-008
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-001
ApplemacOS X Version10.15.7 Updatesecurity_update_2022-003
ApplemacOS Version >= 11.6.0 < 11.6.6
ApplemacOS Version >= 12.0 < 12.4
AppletvOS Version < 15.5
ApplewatchOS Version < 8.6
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappSmi-s Provider Version-
NetappSnapdrive Version- SwPlatformunix
NetappSnapmanager Version- SwPlatformoracle
NetappBootstrap Os Version-
   NetappHci Compute Node Version-
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH300e Firmware Version-
   NetappH300e Version-
NetappH500e Firmware Version-
   NetappH500e Version-
NetappH700e Firmware Version-
   NetappH700e Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
OracleMysql Workbench Version <= 8.0.29
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.01% 0.924
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://seclists.org/fulldisclosure/2022/May/34
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213258
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/May/35
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213256
Third Party Advisory
http://seclists.org/fulldisclosure/2022/May/33
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/May/38
Third Party Advisory
Mailing List
https://support.apple.com/kb/HT213255
Third Party Advisory
https://support.apple.com/kb/HT213257
Third Party Advisory
http://seclists.org/fulldisclosure/2022/May/36
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/May/37
Third Party Advisory
Mailing List
https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
Patch
Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
Third Party Advisory
Release Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/
https://security.gentoo.org/glsa/202210-03
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0008/
Third Party Advisory
https://support.apple.com/kb/HT213253
Third Party Advisory
https://support.apple.com/kb/HT213254
Third Party Advisory