CVE-2022-23308

CVSS v3.1 7.5 (High)

CVSS v2.0 4.3 (Medium)

EPSS 0.46 % (76^th)

Affected Products 44

Advisories 20

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Weaknesses

CWE-416: Use After Free

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2022-02-26 05:15:08
(2 years ago)
Updated Date: 2023-11-07 03:44:08
(10 months ago)

Affected Products

Apple

Debian

Debian Linux

Fedoraproject

Fedora

Netapp

Oracle

Xmlsoft

Libxml2

Configuration #1

		CPE23	From	Up To
	Xmlsoft Libxml2 prior 2.9.13 version	cpe:2.3:a:xmlsoft:libxml2		< 2.9.13

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 34	cpe:2.3:o:fedoraproject:fedora:34

Configuration #3

		CPE23	From	Up To
	Debian Linux 9.0	cpe:2.3:o:debian:debian_linux:9.0

Configuration #4

		CPE23	From	Up To
	Apple Ipados prior 15.5 version	cpe:2.3:o:apple:ipados		< 15.5
	Apple Iphone Os prior 15.5 version	cpe:2.3:o:apple:iphone_os		< 15.5
	Apple Mac Os X from 10.15.0 version and prior 10.15.7 version	cpe:2.3:o:apple:mac_os_x	>= 10.15.0	< 10.15.7
	Apple Mac Os X 10.15.7	cpe:2.3:o:apple:mac_os_x:10.15.7
	Apple Mac Os X 10.15.7 Security Update 2020-001	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001
	Apple Mac Os X 10.15.7 Security Update 2021-001	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001
	Apple Mac Os X 10.15.7 Security Update 2021-002	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002
	Apple Mac Os X 10.15.7 Security Update 2021-003	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003
	Apple Mac Os X 10.15.7 Security Update 2021-004	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004
	Apple Mac Os X 10.15.7 Security Update 2021-005	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005
	Apple Mac Os X 10.15.7 Security Update 2021-006	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006
	Apple Mac Os X 10.15.7 Security Update 2021-007	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007
	Apple Mac Os X 10.15.7 Security Update 2021-008	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008
	Apple Mac Os X 10.15.7 Security Update 2022-001	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001
	Apple Mac Os X 10.15.7 Security Update 2022-003	cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003
	Apple Macos from 11.6.0 version and prior 11.6.6 version	cpe:2.3:o:apple:macos	>= 11.6.0	< 11.6.6
	Apple Macos from 12.0 version and prior 12.4 version	cpe:2.3:o:apple:macos	>= 12.0	< 12.4
	Apple Tvos prior 15.5 version	cpe:2.3:o:apple:tvos		< 15.5
	Apple Watchos prior 8.6 version	cpe:2.3:o:apple:watchos		< 8.6

Configuration #5

		CPE23	From	Up To
	Netapp Active Iq Unified Manager for Vmware Vsphere	cpe:2.3:a:netapp:active_iq_unified_manager:-:::::vmware_vsphere
	Netapp Clustered Data Ontap	cpe:2.3:a:netapp:clustered_data_ontap:-
	Netapp Clustered Data Ontap Antivirus Connector	cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-
	Netapp Manageability Software Development Kit	cpe:2.3:a:netapp:manageability_software_development_kit:-
	Netapp Ontap Select Deploy Administration Utility	cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-
	Netapp Smi-s Provider	cpe:2.3:a:netapp:smi-s_provider:-
	Netapp Snapdrive for Unix	cpe:2.3:a:netapp:snapdrive:-:::::unix
	Netapp Snapmanager for Oracle	cpe:2.3:a:netapp:snapmanager:-:::::oracle
	Netapp Solidfire, Enterprise Sds & Hci Storage Node	cpe:2.3:a:netapp:solidfire\%2c_enterprise_sds_\%26_hci_storage_node:-
	Netapp Solidfire & Hci Management Node	cpe:2.3:a:netapp:solidfire_\%26_hci_management_node:-

Configuration #6

AND

		CPE23	From	Up To
OR
	Netapp Hci Compute Node	cpe:2.3:h:netapp:hci_compute_node:-
OR
	Running on/with
	Netapp Bootstrap Os	cpe:2.3:o:netapp:bootstrap_os:-

Configuration #7

AND

		CPE23	From	Up To
OR
	Netapp H300s	cpe:2.3:h:netapp:h300s:-
OR
	Running on/with
	Netapp H300s Firmware	cpe:2.3:o:netapp:h300s_firmware:-

Configuration #8

AND

		CPE23	From	Up To
OR
	Netapp H500s	cpe:2.3:h:netapp:h500s:-
OR
	Running on/with
	Netapp H500s Firmware	cpe:2.3:o:netapp:h500s_firmware:-

Configuration #9

AND

		CPE23	From	Up To
OR
	Netapp H700s	cpe:2.3:h:netapp:h700s:-
OR
	Running on/with
	Netapp H700s Firmware	cpe:2.3:o:netapp:h700s_firmware:-

Configuration #10

AND

		CPE23	From	Up To
OR
	Netapp H300e	cpe:2.3:h:netapp:h300e:-
OR
	Running on/with
	Netapp H300e Firmware	cpe:2.3:o:netapp:h300e_firmware:-

Configuration #11

AND

		CPE23	From	Up To
OR
	Netapp H500e Firmware	cpe:2.3:o:netapp:h500e_firmware:-
OR
	Running on/with
	Netapp H500e	cpe:2.3:h:netapp:h500e:-

Configuration #12

AND

		CPE23	From	Up To
OR
	Netapp H700e Firmware	cpe:2.3:o:netapp:h700e_firmware:-
OR
	Running on/with
	Netapp H700e	cpe:2.3:h:netapp:h700e:-

Configuration #13

AND

		CPE23	From	Up To
OR
	Netapp H410s Firmware	cpe:2.3:o:netapp:h410s_firmware:-
OR
	Running on/with
	Netapp H410s	cpe:2.3:h:netapp:h410s:-

Configuration #14

AND

		CPE23	From	Up To
OR
	Netapp H410c Firmware	cpe:2.3:o:netapp:h410c_firmware:-
OR
	Running on/with
	Netapp H410c	cpe:2.3:h:netapp:h410c:-

Configuration #15

		CPE23	From	Up To
	Oracle Communications Cloud Native Core Binding Support Function 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.2.0
	Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0
	Oracle Communications Cloud Native Core Network Repository Function 22.1.2	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2
	Oracle Communications Cloud Native Core Network Repository Function 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0
	Oracle Communications Cloud Native Core Network Slice Selection Function 22.1.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1
	Oracle Communications Cloud Native Core Unified Data Repository 22.2.0	cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0
	Oracle Mysql Workbench 8.0.29 and prior versions	cpe:2.3:a:oracle:mysql_workbench		<= 8.0.29
	Oracle Zfs Storage Appliance Kit 8.8	cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8