Description
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
A flaw was found in libxml2. A call to the xmlGetID function can return a pointer already freed when parsing an XML document with the XML_PARSE_DTDVALID option and without the XML_PARSE_NOENT option, resulting in a use-after-free issue.
Statement
The security impact of xmlGetID() returning a pointer to freed memory depends on the application and will mostly result in a denial of service (DoS). The typical use case of calling xmlGetID() on an unmodified document is not affected; therefore this issue was rated as Moderate severity.
Affected packages
Platform | Package | State | Advisory | Release
---|---|---|---|---
Red Hat Enterprise Linux 6 | libxml2 | Out of support scope | | 
Red Hat Enterprise Linux 7 | libxml2 | Out of support scope | | 
Red Hat Enterprise Linux 9 | libxml2 | Not affected | | 
JBoss Core Services for RHEL 8 | jbcs-httpd24-apr-util | Fixed | RHSA-2022:1389 | 20.04.2022
JBoss Core Services for RHEL 8 | jbcs-httpd24-curl | Fixed | RHSA-2022:1389 | 20.04.2022
JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2022:1389 | 20.04.2022
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2022:1389 | 20.04.2022
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2022:1389 | 20.04.2022
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2022:1389 | 20.04.2022
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_md | Fixed | RHSA-2022:1389 | 20.04.2022
Additional information
EPSS
8.1 High
CVSS3
Related vulnerabilities
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.