CVE-2022-49043

CWE-416 — Use After Free11 documents8 sources

Severity

7.8HIGH

EPSS

0.2%

top 55.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2

Timeline

PublishedJan 26

Latest updateFeb 25

Description

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 1.4 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5xmlsoft/libxml22.0.0 — 2.11.0

▶NVDxmlsoft/libxml2< 2.11.0

▶Debianlibxml2< 2.9.10+dfsg-6.7+deb11u6+3

▶Ubuntulibxml2< 2.9.10+dfsg-5ubuntu0.20.04.9+8

Patches

Patch: gitlab.gnome.org ↗

🔴Vulnerability Details

OSV

libxml2 vulnerabilities↗2025-02-25

▶

OSV

libxml2 vulnerabilities↗2025-01-29

▶

OSV

CVE-2022-49043: xmlXIncludeAddNode in xinclude↗2025-01-26

▶

GHSA

GHSA-84p5-cqqq-h4gr: xmlXIncludeAddNode in xinclude↗2025-01-26

▶

CVEList

CVE-2022-49043: xmlXIncludeAddNode in xinclude↗2025-01-26

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2025-02-25

▶

Ubuntu

libxml2 vulnerabilities↗2025-01-29

▶

Red Hat

libxml: use-after-free in xmlXIncludeAddNode↗2025-01-26

▶

Microsoft

xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.↗2025-01-14

▶

Debian

CVE-2022-49043: libxml2 - xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.↗2022

▶