← volver
CVE-2022-23308

CVE-2022-23308

CVSS 7.5 HIGHEPSS 6.0%CWE-416
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2022/May/33http://seclists.org/fulldisclosure/2022/May/34http://seclists.org/fulldisclosure/2022/May/35http://seclists.org/fulldisclosure/2022/May/36http://seclists.org/fulldisclosure/2022/May/37http://seclists.org/fulldisclosure/2022/May/38https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340ehttps://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWShttps://lists.debian.org/debian-lts-announce/2022/04/msg00004.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/https://security.gentoo.org/glsa/202210-03https://security.netapp.com/advisory/ntap-20220331-0008/