|
| 1 | +[id] |
| 2 | +ave_id = "AVE-2022-0004" |
| 3 | +cve_id = "CVE-2022-49043" |
| 4 | +aliases = ["CVE-2022-49043"] |
| 5 | + |
1 | 6 | [basic] |
2 | | -description = "Vulnerability identified as CVE-2022-49043. Please refer to vendor advisory for details." |
3 | | -published = "2026-07-10" |
4 | | -remediation = "Refer to vendor advisory and upgrade to fixed version." |
5 | | -score = 5.0 |
6 | | -severity = "MEDIUM" |
7 | | -sources = ["msrc"] |
8 | | -title = "CVE-2022-49043 vulnerability" |
9 | | -updated = "2026-07-10" |
| 7 | +title = "libxml2 xmlXIncludeAddNode 释放后重用漏洞" |
| 8 | +description = "libxml2 的 xmlXIncludeAddNode 函数在处理 XML XInclude 时存在释放后重用(Use-After-Free)漏洞。当处理特制的 XML 文档时,已释放的内存仍被引用,可能导致攻击者利用精心构造的 XML 文件造成堆破坏,进而实现任意代码执行或拒绝服务。攻击者可诱导用户或服务解析恶意 XML 文件来触发漏洞。" |
| 9 | +severity = "HIGH" |
| 10 | +score = 7.8 |
| 11 | +cvss_v3 = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" |
| 12 | +remediation = "升级 libxml2 至 2.11.0 或更高版本。对于无法立即升级的系统,应避免解析来自不可信来源的 XML 文件,尤其是包含 XInclude 指令的文档。" |
| 13 | +published = "2025-01-26" |
| 14 | +updated = "2026-06-17" |
| 15 | +sources = ["msrc", "nvd", "gitlab"] |
| 16 | + |
| 17 | +[affected] |
| 18 | +vendor = "xmlsoft" |
| 19 | +product = "libxml2" |
| 20 | + |
| 21 | +[references] |
| 22 | +urls = [ |
| 23 | + "https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b", |
| 24 | + "https://github.com/php/php-src/issues/17467", |
| 25 | + "https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html", |
| 26 | + "https://nvd.nist.gov/vuln/detail/CVE-2022-49043", |
| 27 | +] |
10 | 28 |
|
11 | 29 | [exploit] |
| 30 | +poc_urls = [ |
| 31 | + "https://github.com/php/php-src/issues/17467", |
| 32 | +] |
12 | 33 | exp_urls = [] |
13 | | -poc_urls = [] |
14 | | - |
15 | | -[id] |
16 | | -aliases = ["CVE-2022-49043"] |
17 | | -ave_id = "AVE-2022-0004" |
18 | | -cve_id = "CVE-2022-49043" |
| 34 | +nuclei_templates = [] |
19 | 35 |
|
20 | 36 | [meta] |
21 | | -collected_at = "2026-07-10T12:52:04.248072090+00:00" |
22 | 37 | status = "completed" |
23 | | - |
24 | | -[references] |
25 | | -urls = [] |
| 38 | +collected_at = "2026-07-11T00:00:00+00:00" |
0 commit comments