CVE-2022-23308

EPSS 0.06%
Veröffentlicht 26.02.2022 05:15:08
Zuletzt bearbeitet 05.05.2025 17:17:56
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 22

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xmlsoft ≫ Libxml2 Version < 2.9.13

Fedoraproject ≫ Fedora Version34

Debian ≫ Debian Linux Version9.0

Apple ≫ iPadOS Version < 15.5

Apple ≫ iPhone OS Version < 15.5

Apple ≫ macOS X Version >= 10.15.0 < 10.15.7

Apple ≫ macOS X Version10.15.7

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-006

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-008

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2022-003

Apple ≫ macOS Version >= 11.6.0 < 11.6.6

Apple ≫ macOS Version >= 12.0 < 12.4

Apple ≫ tvOS Version < 15.5

Apple ≫ watchOS Version < 8.6

Netapp ≫ Active Iq Unified Manager Version- SwPlatformvmware_vsphere

Netapp ≫ Clustered Data Ontap Version-

Netapp ≫ Clustered Data Ontap Antivirus Connector Version-

Netapp ≫ Manageability Software Development Kit Version-

Netapp ≫ Ontap Select Deploy Administration Utility Version-

Netapp ≫ Smi-s Provider Version-

Netapp ≫ Snapdrive Version- SwPlatformunix

Netapp ≫ Snapmanager Version- SwPlatformoracle

Netapp ≫ Bootstrap Os Version-

Netapp ≫ Hci Compute Node Version-

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H300e Firmware Version-

Netapp ≫ H300e Version-

Netapp ≫ H500e Firmware Version-

Netapp ≫ H500e Version-

Netapp ≫ H700e Firmware Version-

Netapp ≫ H700e Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Oracle ≫ Communications Cloud Native Core Binding Support Function Version22.2.0

Oracle ≫ Communications Cloud Native Core Network Function Cloud Native Environment Version22.1.0

Oracle ≫ Communications Cloud Native Core Network Repository Function Version22.1.2

Oracle ≫ Communications Cloud Native Core Network Repository Function Version22.2.0

Oracle ≫ Communications Cloud Native Core Network Slice Selection Function Version22.1.1

Oracle ≫ Communications Cloud Native Core Unified Data Repository Version22.2.0

Oracle ≫ Mysql Workbench Version <= 8.0.29

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.172

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://seclists.org/fulldisclosure/2022/May/34

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT213258

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

Third Party Advisory

Mailing List

http://seclists.org/fulldisclosure/2022/May/35