Home

CVE-2022-23308

Description

valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.05

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2022-1292,CVE-2022-23308 are affected in MySQL Workbench Enterprise Edition 8.0.29Windows
Vulnerabilities CVE-2022-1292,CVE-2022-23308 are affected in MySQL Workbench CE (x64) 8.0.29Windows
Multiple vulnerabilities are fixed in Nessus 8.15.7Windows
Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.3.1)Windows
Multiple vulnerabilities are fixed in Nessus Agent (10.3.1)Windows
Multiple vulnerabilities are fixed in Tenable Nessus 8.15.7Windows
Multiple vulnerabilities are fixed in Tenable Nessus 10.3.1Windows
Multiple vulnerabilities are fixed in Mac OS - Monterey 12.4 (Software Update) - AutoRebootMac
Multiple vulnerabilities are fixed in MacOS Big Sur 11.6.6 - Software UpdateMac
GNOME XML library (USN-5324-1) libxml2_2.9.12+dfsg-4ubuntu0.1_i386.debLinux
GNOME XML library (USN-5324-1) libxml2_2.9.12+dfsg-4ubuntu0.1_amd64.debLinux
GNOME XML library (USN-5324-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.5_i386.debLinux
GNOME XML library (USN-5324-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.5_amd64.debLinux
GNOME XML library (USN-5324-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.2_i386.debLinux
GNOME XML library (USN-5324-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.2_amd64.debLinux
GNOME XML library (USN-5324-1) libxml2-utils_2.9.12+dfsg-4ubuntu0.1_i386.debLinux
GNOME XML library (USN-5324-1) libxml2-utils_2.9.12+dfsg-4ubuntu0.1_amd64.debLinux
GNOME XML library (USN-5324-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.5_i386.debLinux
GNOME XML library (USN-5324-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.5_amd64.debLinux
GNOME XML library (USN-5324-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.2_i386.debLinux
GNOME XML library (USN-5324-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.2_amd64.debLinux
Libxml2 update (ELSA-2022-0899) libxml2-2.9.7-12.el8_5.i686.rpmLinux
Libxml2 update (ELSA-2022-0899) libxml2-2.9.7-12.el8_5.x86_64.rpmLinux
Libxml2-devel update (ELSA-2022-0899) libxml2-devel-2.9.7-12.el8_5.i686.rpmLinux
Libxml2-devel update (ELSA-2022-0899) libxml2-devel-2.9.7-12.el8_5.x86_64.rpmLinux
Python3-libxml2 update (ELSA-2022-0899) python3-libxml2-2.9.7-12.el8_5.x86_64.rpmLinux
(RHSA-2022:0899) libxml2 security update libxml2-debugsource-2.9.7-12.el8_5.i686.rpmLinux
(RHSA-2022:0899) libxml2 security update libxml2-debugsource-2.9.7-12.el8_5.x86_64.rpmLinux
GNOME XML library (USN-5422-1) libxml2_2.9.12+dfsg-4ubuntu0.2_i386.debLinux
GNOME XML library (USN-5422-1) libxml2_2.9.12+dfsg-4ubuntu0.2_amd64.debLinux
GNOME XML library (USN-5422-1) libxml2_2.9.13+dfsg-1ubuntu0.2_i386.debLinux
GNOME XML library (USN-5422-1) libxml2_2.9.13+dfsg-1ubuntu0.2_amd64.debLinux
GNOME XML library (USN-5422-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.7_i386.debLinux
GNOME XML library (USN-5422-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.7_amd64.debLinux
GNOME XML library (USN-5422-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.4_i386.debLinux
GNOME XML library (USN-5422-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.4_amd64.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.12+dfsg-4ubuntu0.2_i386.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.12+dfsg-4ubuntu0.2_amd64.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.13+dfsg-1ubuntu0.1_i386.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.13+dfsg-1ubuntu0.2_amd64.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.7_i386.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.7_amd64.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.4_i386.debLinux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.4_amd64.debLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-32bit-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-debuginfo-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-2-debuginfo-32bit-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-debugsource-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-doc-2.9.4-46.49.1.noarch.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-tools-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) libxml2-tools-debuginfo-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) python-libxml2-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) python-libxml2-debuginfo-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2022:1308-1(SUSE Linux Enterprise Server 12-SP5 ) python-libxml2-debugsource-2.9.4-46.49.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:4614-1(SUSE Linux Enterprise Server 12 SP5 ) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
SUSE-SU-2023:1860-1(Basesystem Module 15-SP4 ) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpmLinux
libxml2 Security Update (ALAS2023-2023-096) libxml2-2.10.3-2.amzn2023.0.1.x86_64.rpmLinux
libxml2 Security Update (ALAS2023-2023-096) libxml2-devel-2.10.3-2.amzn2023.0.1.x86_64.rpmLinux
libxml2 Security Update (ALAS2023-2023-096) libxml2-static-2.10.3-2.amzn2023.0.1.x86_64.rpmLinux
libxml2 Security Update (ALAS2023-2023-096) python3-libxml2-2.10.3-2.amzn2023.0.1.x86_64.rpmLinux
Use After Free Vulnerability (CVE-2022-23308)NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-347137MySQL Workbench CE (x64) (8.0.42)
PATCH-346982Nessus Agent (x64) (10.8.4) (Manual Upload Required)
PATCH-346981Nessus Agent (10.8.4) (Manual Upload Required)
PATCH-608134Mac OS - Monterey 12.7.6 (Software Update) - AutoReboot (CVE-2024-27877)
PATCH-605753MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234