Description
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
References (19)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LA3MWWAYZADWJ5F6JOUBX65UZAMQB7RF/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/33
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/37
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/35
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/38
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/36
Mailing List, Third Party Advisory mailing-list
http://seclists.org/fulldisclosure/2022/May/34
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-03
Patch, Third Party Advisory
https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
Release Notes, Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220331-0008/
Third Party Advisory
https://support.apple.com/kb/HT213253
Third Party Advisory
https://support.apple.com/kb/HT213254
Third Party Advisory
https://support.apple.com/kb/HT213255
Third Party Advisory
https://support.apple.com/kb/HT213256
Third Party Advisory
https://support.apple.com/kb/HT213257
Third Party Advisory
https://support.apple.com/kb/HT213258
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3: 7.5
EPSS: 0.0005
EPSS Percentile: 15.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-416
Status: published
Products (37)
apple/ipados: < 15.5
apple/iphone_os: < 15.5
apple/mac_os_x: 10.15.7 (12 CPE variants)
apple/mac_os_x: 10.15.0 - 10.15.7
apple/macos: 11.6.0 - 11.6.6
apple/tvos: < 15.5
apple/watchos: < 8.6
debian/debian_linux: 9.0
fedoraproject/fedora: 34
netapp/active_iq_unified_manager
... and 27 more
Published: Feb 26, 2022
Tracked Since: Feb 18, 2026