Skip to content

Commit 9941c0d

Browse files
committed
add: AVE-2025-0027
1 parent 45e9d96 commit 9941c0d

1 file changed

Lines changed: 31 additions & 18 deletions

File tree

vulns/2022/AVE-2022-0004.toml

Lines changed: 31 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,38 @@
1+
[id]
2+
ave_id = "AVE-2022-0004"
3+
cve_id = "CVE-2022-49043"
4+
aliases = ["CVE-2022-49043"]
5+
16
[basic]
2-
description = "Vulnerability identified as CVE-2022-49043. Please refer to vendor advisory for details."
3-
published = "2026-07-10"
4-
remediation = "Refer to vendor advisory and upgrade to fixed version."
5-
score = 5.0
6-
severity = "MEDIUM"
7-
sources = ["msrc"]
8-
title = "CVE-2022-49043 vulnerability"
9-
updated = "2026-07-10"
7+
title = "libxml2 xmlXIncludeAddNode 释放后重用漏洞"
8+
description = "libxml2 的 xmlXIncludeAddNode 函数在处理 XML XInclude 时存在释放后重用(Use-After-Free)漏洞。当处理特制的 XML 文档时,已释放的内存仍被引用,可能导致攻击者利用精心构造的 XML 文件造成堆破坏,进而实现任意代码执行或拒绝服务。攻击者可诱导用户或服务解析恶意 XML 文件来触发漏洞。"
9+
severity = "HIGH"
10+
score = 7.8
11+
cvss_v3 = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
12+
remediation = "升级 libxml2 至 2.11.0 或更高版本。对于无法立即升级的系统,应避免解析来自不可信来源的 XML 文件,尤其是包含 XInclude 指令的文档。"
13+
published = "2025-01-26"
14+
updated = "2026-06-17"
15+
sources = ["msrc", "nvd", "gitlab"]
16+
17+
[affected]
18+
vendor = "xmlsoft"
19+
product = "libxml2"
20+
21+
[references]
22+
urls = [
23+
"https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b",
24+
"https://github.com/php/php-src/issues/17467",
25+
"https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html",
26+
"https://nvd.nist.gov/vuln/detail/CVE-2022-49043",
27+
]
1028

1129
[exploit]
30+
poc_urls = [
31+
"https://github.com/php/php-src/issues/17467",
32+
]
1233
exp_urls = []
13-
poc_urls = []
14-
15-
[id]
16-
aliases = ["CVE-2022-49043"]
17-
ave_id = "AVE-2022-0004"
18-
cve_id = "CVE-2022-49043"
34+
nuclei_templates = []
1935

2036
[meta]
21-
collected_at = "2026-07-10T12:52:04.248072090+00:00"
2237
status = "completed"
23-
24-
[references]
25-
urls = []
38+
collected_at = "2026-07-11T00:00:00+00:00"

0 commit comments

Comments
 (0)