CVE-2022-49043 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.1 HIGH	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 44%

Affected Products (NVD)

Vendor	Product	Version
xmlsoft	libxml2	𝑥 < 2.11.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libxml2

bookworm	vulnerable
bullseye	vulnerable
bullseye (security)	vulnerable
sid	vulnerable
trixie	vulnerable

openSUSE / SLES Releases

openSUSE Product

Release

libxml2-2

suse enterprise desktop 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise sap 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise server 12 SP3	2.9.4-46.78.1 fixed
suse enterprise server 12 SP5	2.9.4-46.78.1 fixed
suse enterprise server 15 SP2	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP3	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP4	2.9.14-150400.5.35.1 fixed
suse enterprise server 15 SP5	2.10.3-150500.5.20.1 fixed
suse enterprise server 15 SP6	2.10.3-150500.5.20.1 fixed

libxml2-2-32bit

suse enterprise desktop 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise sap 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise server 12 SP3	2.9.4-46.78.1 fixed
suse enterprise server 12 SP5	2.9.4-46.78.1 fixed
suse enterprise server 15 SP2	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP3	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP4	2.9.14-150400.5.35.1 fixed
suse enterprise server 15 SP5	2.10.3-150500.5.20.1 fixed
suse enterprise server 15 SP6	2.10.3-150500.5.20.1 fixed

libxml2-devel

suse enterprise desktop 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise sap 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise server 12 SP5	2.9.4-46.78.1 fixed
suse enterprise server 15 SP2	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP3	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP4	2.9.14-150400.5.35.1 fixed
suse enterprise server 15 SP5	2.10.3-150500.5.20.1 fixed
suse enterprise server 15 SP6	2.10.3-150500.5.20.1 fixed

libxml2-doc

suse enterprise server 12 SP3	2.9.4-46.78.1 fixed
suse enterprise server 12 SP5	2.9.4-46.78.1 fixed

libxml2-tools

suse enterprise desktop 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise sap 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise server 12 SP3	2.9.4-46.78.1 fixed
suse enterprise server 12 SP5	2.9.4-46.78.1 fixed
suse enterprise server 15 SP2	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP3	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP4	2.9.14-150400.5.35.1 fixed
suse enterprise server 15 SP5	2.10.3-150500.5.20.1 fixed
suse enterprise server 15 SP6	2.10.3-150500.5.20.1 fixed

python-libxml2

suse enterprise server 12 SP3	2.9.4-46.78.1 fixed
suse enterprise server 12 SP5	2.9.4-46.78.1 fixed

python2-libxml2-python

suse enterprise server 15 SP2

2.9.7-150000.3.73.1

fixed

python3-libxml2

suse enterprise desktop 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise sap 15 SP6	2.10.3-150500.5.20.1 fixed
suse enterprise server 15 SP4	2.9.14-150400.5.35.1 fixed
suse enterprise server 15 SP5	2.10.3-150500.5.20.1 fixed
suse enterprise server 15 SP6	2.10.3-150500.5.20.1 fixed

python3-libxml2-python

suse enterprise server 15 SP2	2.9.7-150000.3.73.1 fixed
suse enterprise server 15 SP3	2.9.7-150000.3.73.1 fixed

python311-libxml2

suse enterprise server 15 SP4	2.9.14-150400.5.35.1 fixed
suse enterprise server 15 SP5	2.10.3-150500.5.20.1 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

libxml2

RHEL 8	0:2.9.7-18.el8_10.2 fixed
RHEL 8.8 AUS	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 E4S	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 EUS	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 TUS	0:2.9.7-16.el8_8.7 fixed
RHEL 9	0:2.9.13-6.el9_5.1 fixed

libxml2-devel

RHEL 8	0:2.9.7-18.el8_10.2 fixed
RHEL 8.8 AUS	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 E4S	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 EUS	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 TUS	0:2.9.7-16.el8_8.7 fixed
RHEL 9	0:2.9.13-6.el9_5.1 fixed

python3-libxml2

RHEL 8	0:2.9.7-18.el8_10.2 fixed
RHEL 8.8 AUS	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 E4S	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 EUS	0:2.9.7-16.el8_8.7 fixed
RHEL 8.8 TUS	0:2.9.7-16.el8_8.7 fixed
RHEL 9	0:2.9.13-6.el9_5.1 fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://github.com/php/php-src/issues/17467

https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html