Use-After-Free Vulnerability in libxml2 by GNOME
CVE-2022-23308

7.5HIGH

Key Information:

Vendor

Xmlsoft

Status
Libxml2
Vendor
CVE Published:
26 February 2022

What is CVE-2022-23308?

A use-after-free vulnerability exists in libxml2 prior to version 2.9.13, specifically affecting the handling of ID and IDREF attributes. This flaw may lead to potential unauthorized memory access, which can be exploited by attackers to execute arbitrary code or cause a denial of service. Users are advised to upgrade to the latest version to ensure system integrity and security.

References

https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.debian.org/debian-lts-announce/2022/04/msg0...
mailing-list
http://seclists.org/fulldisclosure/2022/May/33
mailing-list

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-23308 : Use-After-Free Vulnerability in libxml2 by GNOME