CVE-2022-23308

Description

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.07%• Percentile: 22%

Techniques & Countermeasures

• CWE-416•Use After Free

  The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

Affected Systems

• apple•ipados

  < 15.5

• apple•iphone_os

  < 15.5

• apple•mac_os_x

  ≥ 10.15.0, < 10.15.7 | 10.15.7 | 10.15.7:security_update_2020-001 | 10.15.7:security_update_2021-001 | 10.15.7:security_update_2021-002 | 10.15.7:security_update_2021-003 | 10.15.7:security_update_2021-004 | 10.15.7:security_update_2021-005 | 10.15.7:security_update_2021-006 | 10.15.7:security_update_2021-007 | 10.15.7:security_update_2021-008 | 10.15.7:security_update_2022-001 | 10.15.7:security_update_2022-003

• Unknown•macOS

  ≥ 11.6.0, < 11.6.6 | ≥ 12.0, < 12.4

• apple•tvos

  < 15.5

• apple•watchos

  < 8.6

• debian•debian_linux

  9.0

• fedoraproject•fedora

  34

• netapp•active_iq_unified_manager

  na

• netapp•bootstrap_os

  na

• netapp•clustered_data_ontap

  na

• netapp•clustered_data_ontap_antivirus_connector

  na

• netapp•h300e

  na

• netapp•h300s_firmware

  na

• netapp•h410c_firmware

  na

• netapp•h410s_firmware

  na

• netapp•h500e

  na

• netapp•h500s_firmware

  na

• netapp•h700e

  na

• netapp•h700s_firmware

  na

• netapp•manageability_software_development_kit

  na

• netapp•ontap_select_deploy_administration_utility

  na

• netapp•smi-s_provider

  na

• netapp•snapdrive

  na

• netapp•snapmanager

  na

• netapp•solidfire_\&_hci_management_node

  na

• netapp•solidfire\,_enterprise_sds_\&_hci_storage_node

  na

• oracle•communications_cloud_native_core_binding_support_function

  22.2.0

• oracle•communications_cloud_native_core_network_function_cloud_native_environment

  22.1.0

• oracle•communications_cloud_native_core_network_repository_function

  22.1.2 | 22.2.0

• oracle•communications_cloud_native_core_network_slice_selection_function

  22.1.1

• oracle•communications_cloud_native_core_unified_data_repository

  22.2.0

• oracle•mysql_workbench

  ≤ 8.0.29

• oracle•zfs_storage_appliance_kit

  8.8

• xmlsoft•libxml2

  < 2.9.13

References (19)

• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/
• https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
• http://seclists.org/fulldisclosure/2022/May/33
• http://seclists.org/fulldisclosure/2022/May/37
• http://seclists.org/fulldisclosure/2022/May/35
• http://seclists.org/fulldisclosure/2022/May/38
• http://seclists.org/fulldisclosure/2022/May/36
• http://seclists.org/fulldisclosure/2022/May/34
• https://www.oracle.com/security-alerts/cpujul2022.html
• https://support.apple.com/kb/HT213257
• https://support.apple.com/kb/HT213256
• https://support.apple.com/kb/HT213255
• https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
• https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
• https://security.netapp.com/advisory/ntap-20220331-0008/
• https://support.apple.com/kb/HT213253
• https://support.apple.com/kb/HT213258
• https://support.apple.com/kb/HT213254
• https://security.gentoo.org/glsa/202210-03