CVE-2022-23308

Public on 2022-02-26

Modified on 2023-04-27

Description

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Severity

Medium

See what this means

CVSS v3 Base Score

8.1

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	ibxml2-2.9.1-6.4.41.amzn1			No Fix Planned
Amazon Linux 1	libxml2	2023-05-03	ALAS-2023-1743	Fixed
Amazon Linux 2 - Core	libxml2	2022-07-20	ALAS2-2022-1826	Fixed
Amazon Linux 2023	libxml2	2023-03-22	ALAS2023-2023-096	Fixed
Amazon Linux 2 - Core	libxml2-2.9.1-6.amzn2.5.4			Pending Fix
Amazon Linux 2023	libxml2-2.9.12-4.amzn2022			Pending Fix