CVE-2022-23308
Published 2022-02-26
CVE-2022-23308: valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
High, 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected
43 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.5_and_ipados | — | — |
| apple | ipados | < 15.5 | 15.5 |
| apple | iphone_os | < 15.5 | 15.5 |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.15.0 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.6.0 < 11.6.6 | 11.6.6 |
| apple | macos | >= 12.0 < 12.4 | 12.4 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | security_update_2022-004_catalina | — | — |
| apple | tvos | < 15.5 | 15.5 |
| apple | tvos | — | — |
| apple | watchos | < 8.6 | 8.6 |
| apple | watchos | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.13+dfsg-1 (bookworm) | libxml2 2.9.13+dfsg-1 (bookworm) |
| fedoraproject | fedora | — | — |
| chrome_chrome | — | — | |
| msrc | cbl2_libxml2_2.9.13-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_libxml2_2.9.13-1_on_cbl_mariner_1.0 | — | — |
| nokogiri | nokogiri | >= 0 < 1.13.2 | 1.13.2 |
CVSS provenance
nvd: v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa: 8.8 HIGH
osv: 8.8 HIGH