PublicDateAtUSN: 2022-02-26 05:15:00 UTC
Candidate: CVE-2022-23308
PublicDate: 2022-02-26 05:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23308
 https://access.redhat.com/security/cve/CVE-2022-23308
 https://ubuntu.com/security/notices/USN-5324-1
Description:
 valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF
 attributes.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by: Shinji Sato
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libxml2:
 upstream: https://gitlab.gnome.org/GNOME/libxml2/-/commit/652dd12a858989b14eed4e84e453059cd3ba340e
upstream_libxml2: released (2.9.13)
trusty/esm_libxml2: needs-triage
esm-infra/xenial_libxml2: needs-triage
trusty_libxml2: ignored (out of standard support)
xenial_libxml2: ignored (out of standard support)
bionic_libxml2: released (2.9.4+dfsg1-6.1ubuntu1.5)
focal_libxml2: released (2.9.10+dfsg-5ubuntu0.20.04.2)
impish_libxml2: released (2.9.12+dfsg-4ubuntu0.1)
jammy_libxml2: not-affected (2.9.13+dfsg-1)
devel_libxml2: not-affected (2.9.13+dfsg-1)