Updated: 2023-11-07 19:06:19.452774
Description:
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | MEDIUM | 6.8 |
CVSS Version 3.x | HIGH | 8.8 |

OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
---|---|---|---|---|---|---|---|
CentOS 6 ELS | libxml2 | 2.7.6 | 8.8 | HIGH | Released | CLSA-2022:1641903536 | 2022-05-05 12:03:57 |
CentOS 7 ELS | libxml2 | 2.9.1 | 8.8 | HIGH | Released | CLSA-2023:1696537106 | 2023-10-05 17:08:33 |
CentOS 8.4 ELS | libxml2 | 2.9.7-9 | 8.8 | HIGH | Already Fixed | | 2023-10-30 11:22:09 |
CentOS 8.5 ELS | libxml2 | 2.9.7-9 | 8.8 | HIGH | Already Fixed | | 2023-10-30 11:22:09 |
CloudLinux 6 ELS | libxml2 | 2.7.6 | 8.8 | HIGH | Released | CLSA-2021:1640697686 | 2022-04-19 21:49:51 |
Oracle Linux 6 ELS | libxml2 | 2.7.6 | 8.8 | HIGH | Released | CLSA-2021:1640700669 | 2022-04-19 21:49:51 |
Ubuntu 16.04 ELS | libxml2 | 2.9.3 | 8.8 | HIGH | Released | CLSA-2021:1640700710 | 2022-04-19 21:49:51 |
Ubuntu 18.04 ELS | libxml2 | 2.9.4 | 8.8 | HIGH | Already Fixed | | 2023-06-02 09:09:54 |