Lucene search
MitreCVE-2022-23308HistoryFeb 26, 2022 - 5:15 a.m.
CVE-2022-23308
2022-02-2605:15:08
CWE-416
mitre
web.nvd.nist.gov
358
7
cve-2022-23308
nvd
libxml2
vulnerability
use-after-free
id
idref
attributes
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.005
Percentile
75.7%
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
Affected configurations
Node
xmlsoftlibxml2Range<2.9.13
Node
fedoraprojectfedoraMatch34
Node
debiandebian_linuxMatch9.0
Node
appleipadosRange<15.5
ORappleiphone_osRange<15.5
ORapplemac_os_xRange10.15.0β10.15.7
ORapplemac_os_xMatch10.15.7
ORapplemac_os_xMatch10.15.7security_update_2020-001
ORapplemac_os_xMatch10.15.7security_update_2021-001
ORapplemac_os_xMatch10.15.7security_update_2021-002
ORapplemac_os_xMatch10.15.7security_update_2021-003
ORapplemac_os_xMatch10.15.7security_update_2021-004
ORapplemac_os_xMatch10.15.7security_update_2021-005
ORapplemac_os_xMatch10.15.7security_update_2021-006
ORapplemac_os_xMatch10.15.7security_update_2021-007
ORapplemac_os_xMatch10.15.7security_update_2021-008
ORapplemac_os_xMatch10.15.7security_update_2022-001
ORapplemac_os_xMatch10.15.7security_update_2022-003
ORapplemacosRange11.6.0β11.6.6
ORapplemacosRange12.0β12.4
ORappletvosRange<15.5
ORapplewatchosRange<8.6
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
ORnetappclustered_data_ontapMatch-
ORnetappclustered_data_ontap_antivirus_connectorMatch-
ORnetappmanageability_software_development_kitMatch-
ORnetappontap_select_deploy_administration_utilityMatch-
ORnetappsmi-s_providerMatch-
ORnetappsnapdriveMatch-unix
ORnetappsnapmanagerMatch-oracle
ORnetappsolidfire\,_enterprise_sds_\&_hci_storage_nodeMatch-
ORnetappsolidfire_\&_hci_management_nodeMatch-
Node
netapphci_compute_nodeMatch-
netappbootstrap_osMatch-
Node
netapph300sMatch-
netapph300s_firmwareMatch-
Node
netapph500sMatch-
netapph500s_firmwareMatch-
Node
netapph700sMatch-
netapph700s_firmwareMatch-
Node
netapph300eMatch-
netapph300e_firmwareMatch-
Node
netapph500e_firmwareMatch-
netapph500eMatch-
Node
netapph700e_firmwareMatch-
netapph700eMatch-
Node
netapph410s_firmwareMatch-
netapph410sMatch-
Node
netapph410c_firmwareMatch-
netapph410cMatch-
Node
oraclecommunications_cloud_native_core_binding_support_functionMatch22.2.0
ORoraclecommunications_cloud_native_core_network_function_cloud_native_environmentMatch22.1.0
ORoraclecommunications_cloud_native_core_network_repository_functionMatch22.1.2
ORoraclecommunications_cloud_native_core_network_repository_functionMatch22.2.0
ORoraclecommunications_cloud_native_core_network_slice_selection_functionMatch22.1.1
ORoraclecommunications_cloud_native_core_unified_data_repositoryMatch22.2.0
ORoraclemysql_workbenchRangeβ€8.0.29
ORoraclezfs_storage_appliance_kitMatch8.8
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xmlsoft | libxml2 | * | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* |
| fedoraproject | fedora | 34 | cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* |
| debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| apple | ipados | * | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
| apple | iphone_os | * | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* |
| apple | mac_os_x | 10.15.7 | cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* |
References
seclists.org/fulldisclosure/2022/May/33
seclists.org/fulldisclosure/2022/May/34
seclists.org/fulldisclosure/2022/May/35
seclists.org/fulldisclosure/2022/May/36
seclists.org/fulldisclosure/2022/May/37
seclists.org/fulldisclosure/2022/May/38
github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
lists.debian.org/debian-lts-announce/2022/04/msg00004.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/
security.gentoo.org/glsa/202210-03
security.netapp.com/advisory/ntap-20220331-0008/
support.apple.com/kb/HT213253
support.apple.com/kb/HT213254
support.apple.com/kb/HT213255
support.apple.com/kb/HT213256
support.apple.com/kb/HT213257
support.apple.com/kb/HT213258
www.oracle.com/security-alerts/cpujul2022.html
Social References
More
Related
fedora
fedora
[SECURITY] Fedora 35 Update: libxml2-2.9.13-1.fc35
2022-02-24 23:09:27
[SECURITY] Fedora 34 Update: libxml2-2.9.13-1.fc34
2022-03-08 21:33:04
nessus
nessus
Oracle Linux 8 : libxml2 (ELSA-2022-0899)
2022-03-16 00:00:00
EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2022-1541)
2022-04-25 00:00:00
EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2022-1741)
2022-05-26 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2022-03-06 13:40:17
oraclelinux
oraclelinux
libxml2 security update
2022-03-16 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2022-059-01)
2022-04-21 00:00:00
Fedora: Security Advisory for libxml2 (FEDORA-2022-b661dea83d)
2022-02-25 00:00:00
debiancve
debiancve
CVE-2022-23308
2022-02-26 05:15:08
redhatcve
redhatcve
CVE-2022-23308
2022-02-22 11:31:34
almalinux
almalinux
Moderate: libxml2 security update
2022-03-15 09:12:39
veracode
veracode
Use After Free
2022-02-28 13:21:21
ubuntucve
ubuntucve
CVE-2022-23308
2022-02-26 00:00:00
redos
redos
ROS-20220315-01
2022-03-15 00:00:00
cvelist
cvelist
CVE-2022-23308
2022-02-26 00:00:00
cloudfoundry
cloudfoundry
USN-5324-1: libxml2 vulnerability | Cloud Foundry
2022-05-23 00:00:00
USN-5422-1: libxml2 vulnerabilities | Cloud Foundry
2022-07-29 00:00:00
ubuntu
ubuntu
libxml2 vulnerability
2022-03-14 00:00:00
libxml2 vulnerabilities
2022-05-16 00:00:00
ibm
ibm
Security Bulletin: Vulnerability in libxml2 affects IBM Integrated Analytics System [CVE-2022-23308]
2024-09-26 14:16:41
prion
prion
Design/Logic Flaw
2022-02-26 05:15:00
f5
f5
K32760744 : libxml2 vulnerability CVE-2022-23308
2022-05-25 00:00:00
cnvd
cnvd
libxml2 Resource Management Error Vulnerability (CNVD-2022-21487)
2022-02-23 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-23308 affecting package libxml2 2.9.12-1
2022-03-19 16:40:53
CVE-2022-23308 affecting package libxml2 for versions less than 2.9.13-1
2022-04-09 06:51:46
slackware
slackware
[slackware-security] libxml2
2022-03-01 05:14:36
osv
osv
libxml2 vulnerability
2022-03-14 11:01:02
Moderate: libxml2 security update
2022-03-15 09:12:39
Moderate: libxml2 security update
2022-03-15 09:12:39
suse
suse
Security update for python-libxml2-python (important)
2022-03-10 00:00:00
Security update for libxml2 (important)
2022-07-26 00:00:00
Security update for libxml2 (important)
2022-05-19 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-23308
2022-03-14 11:04:40
amazon
amazon
Medium: libxml2
2022-07-19 01:21:00
Medium: libxml2
2023-04-27 16:19:00
rocky
rocky
libxml2 security update
2022-03-15 09:12:39
alpinelinux
alpinelinux
CVE-2022-23308
2022-02-26 05:15:08
nvd
nvd
CVE-2022-23308
2022-02-26 05:15:08
redhat
redhat
(RHSA-2022:0899) Moderate: libxml2 security update
2022-03-15 09:12:39
gentoo
gentoo
libxml2: Multiple Vulnerabilities
2022-10-16 00:00:00
github
github
Vulnerable dependencies in Nokogiri
2022-02-25 20:32:09
photon
photon
Important Photon OS Security Update - PHSA-2022-0167
2022-03-29 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0167
2022-03-29 00:00:00
Important Photon OS Security Update - PHSA-2022-0477
2022-03-04 00:00:00
rubygems
rubygems
Update packaged libxml2 (2.9.12 β 2.9.13) and libxslt (1.1.34 β 1.1.35)
2022-02-20 21:00:00
altlinux
altlinux
debian
debian
[SECURITY] [DLA 2972-1] libxml2 security update
2022-04-08 21:17:02
rosalinux
rosalinux
Advisory ROSA-SA-2024-2356
2024-02-20 10:05:34
ics
ics
βSiemens SINAMICS Medium Voltage Products
2023-06-15 12:00:00
Siemens SCALANCE, RUGGEDCOM Third-Party
2023-03-16 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
apple
apple
About the security content of watchOS 8.6
2022-05-16 00:00:00
About the security content of tvOS 15.5
2022-05-16 00:00:00
About the security content of Security Update 2022-004 Catalina
2022-05-16 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
7.7
Confidence
High
EPSS
0.005
Percentile
75.7%
Related for CVE-2022-23308