CVE-2024-56171

CWE-416 — Use After Free CWE-121 — Stack-based Buffer Overflow CWE-139542 documents10 sources

Severity

9.8CRITICAL

EPSS

0.2%

top 60.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Netapp Ontap

Timeline

PublishedFeb 18

Latest updateApr 1

Description

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:NExploitability: 1.4 | Impact: 5.8

Affected Packages4 packages

▶CVEListV5xmlsoft/libxml22.13.0 — 2.13.6+1

▶NVDxmlsoft/libxml22.13.0 — 2.13.6+1

▶Debianlibxml2< 2.9.10+dfsg-6.7+deb11u6+3

▶RubyGemsnokogiri< 1.18.3

Also affects: Ontap 9

🔴Vulnerability Details

GHSA

GHSA-m366-8h8r-6fqr: libxml2 before 2↗2025-02-19

▶

OSV

Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171↗2025-02-19

▶

GHSA

Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171↗2025-02-19

▶

GHSA

Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171↗2025-02-18

▶

CVEList

CVE-2024-56171: libxml2 before 2↗2025-02-18

▶

📋Vendor Advisories

Apple

CVE-2025-31182: watchOS 11.4↗2025-04-01

▶

Apple

CVE-2024-56171: watchOS 11.4↗2025-04-01

▶

Apple

CVE-2025-24238: watchOS 11.4↗2025-04-01

▶

Apple

CVE-2025-24178: watchOS 11.4↗2025-04-01

▶

Apple

CVE-2024-56171: iOS 18.4 and iPadOS 18.4↗2025-03-31

▶