Описание
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
There's a flaw in libxml2. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Отчет
This flaw is out of support scope for Red Hat Enterprise Linux 6 and 7. To learn more about Red Hat Enterprise Linux support life cycles, please see https://access.redhat.com/support/policy/updates/errata .
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | compat-expat1 | Out of support scope | ||
| Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | libxml2 | Out of support scope | ||
| Red Hat Enterprise Linux 9 | libxml2 | Not affected | ||
| JBoss Core Services for RHEL 8 | jbcs-httpd24-apr-util | Fixed | RHSA-2022:1389 | 20.04.2022 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-curl | Fixed | RHSA-2022:1389 | 20.04.2022 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2022:1389 | 20.04.2022 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2022:1389 | 20.04.2022 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2022:1389 | 20.04.2022 |
| JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2022:1389 | 20.04.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.6 High
CVSS3
Связанные уязвимости
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
There's a flaw in libxml2 in versions before 2.9.11. An attacker who i ...
Nokogiri Implements libxml2 version vulnerable to use-after-free
EPSS
8.6 High
CVSS3