CVE-2024-56171 - Vulnerability Details

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Redhat	Enterprise Linux Jboss Core Services Openshift Openshift Ai Openshift Distributed Tracing Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7 Extended Lifecycle Support
libxml2-0:2.9.1-6.el7_9.9	cpe:/o:redhat:rhel_els:7	RHSA-2025:2673	2025-03-12T00:00:00Z
Red Hat Enterprise Linux 8
libxml2-0:2.9.7-19.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2025:2686	2025-03-12T00:00:00Z
libxml2-0:2.9.7-19.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2025:2686	2025-03-12T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
libxml2-0:2.9.7-9.el8_2.1	cpe:/a:redhat:rhel_aus:8.2	RHSA-2025:2654	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
libxml2-0:2.9.7-9.el8_4.5	cpe:/a:redhat:rhel_aus:8.4	RHSA-2025:2660	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
libxml2-0:2.9.7-9.el8_4.5	cpe:/a:redhat:rhel_tus:8.4	RHSA-2025:2660	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
libxml2-0:2.9.7-9.el8_4.5	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2025:2660	2025-03-11T00:00:00Z
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
libxml2-0:2.9.7-13.el8_6.8	cpe:/a:redhat:rhel_aus:8.6	RHSA-2025:2513	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Telecommunications Update Service
libxml2-0:2.9.7-13.el8_6.8	cpe:/a:redhat:rhel_tus:8.6	RHSA-2025:2513	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
libxml2-0:2.9.7-13.el8_6.8	cpe:/a:redhat:rhel_e4s:8.6	RHSA-2025:2513	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
libxml2-0:2.9.7-16.el8_8.7	cpe:/a:redhat:rhel_eus:8.8	RHSA-2025:2507	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9
libxml2-0:2.9.13-6.el9_5.2	cpe:/a:redhat:enterprise_linux:9	RHSA-2025:2679	2025-03-12T00:00:00Z
libxml2-0:2.9.13-6.el9_5.2	cpe:/o:redhat:enterprise_linux:9	RHSA-2025:2679	2025-03-12T00:00:00Z
Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions
libxml2-0:2.9.13-1.el9_0.4	cpe:/a:redhat:rhel_e4s:9.0	RHSA-2025:2483	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
libxml2-0:2.9.13-3.el9_2.6	cpe:/a:redhat:rhel_eus:9.2	RHSA-2025:2482	2025-03-10T00:00:00Z
Red Hat Enterprise Linux 9.4 Extended Update Support
libxml2-0:2.9.13-9.el9_4	cpe:/a:redhat:rhel_eus:9.4	RHSA-2025:2678	2025-03-12T00:00:00Z
Red Hat OpenShift Container Platform 4.13
rhcos-413.92.202503112237-0	cpe:/a:redhat:openshift:4.13::el9	RHSA-2025:2701	2025-03-20T00:00:00Z
Red Hat OpenShift Container Platform 4.15
rhcos-415.92.202503190057-0	cpe:/a:redhat:openshift:4.15::el9	RHSA-2025:3055	2025-03-26T00:00:00Z
Red Hat OpenShift Container Platform 4.16
rhcos-416.94.202503252048-0	cpe:/a:redhat:openshift:4.16::el9	RHSA-2025:3301	2025-04-03T00:00:00Z
Red Hat OpenShift Container Platform 4.17
rhcos-417.94.202503172033-0	cpe:/a:redhat:openshift:4.17::el9	RHSA-2025:3059	2025-03-26T00:00:00Z
Red Hat OpenShift Container Platform 4.18
rhcos-418.94.202503181639-0	cpe:/a:redhat:openshift:4.18::el9	RHSA-2025:3066	2025-03-25T00:00:00Z
Text-Only JBCS
libxml2	cpe:/a:redhat:jboss_core_services:1	RHSA-2025:3453	2025-04-02T00:00:00Z
Red Hat OpenShift AI 2.16
registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8:sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8:sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8:sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8:sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8:sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-kueue-controller-rhel8:sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8:sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8:sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8:sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-model-controller-rhel8:sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-modelmesh-rhel8:sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8:sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-notebook-controller-rhel8:sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3368	2025-03-27T00:00:00Z
registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8:sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8:sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8:sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8:sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8:sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-kueue-controller-rhel8:sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8:sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8:sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8:sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-model-controller-rhel8:sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-modelmesh-rhel8:sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8:sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
registry.redhat.io/rhoai/odh-notebook-controller-rhel8:sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5	cpe:/a:redhat:openshift_ai:2.16::el8	RHSA-2025:3397	2025-03-31T00:00:00Z
Red Hat OpenShift distributed tracing 3.5
registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:8b7455c14f26b80006568829343688b50ad1c563d339c35f70eb7d561499bc1c	cpe:/a:redhat:openshift_distributed_tracing:3.5::el8	RHSA-2025:2789	2025-03-13T00:00:00Z
registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:adb1f41e544331b0936c6591edb00c169a9e5a2592c12f6ee55aaab8786ff5ba	cpe:/a:redhat:openshift_distributed_tracing:3.5::el8	RHSA-2025:2789	2025-03-13T00:00:00Z
registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:cced4191c3e84f44eca2ed486592c473f97fd5cd0941edb9d216051802dad3f7	cpe:/a:redhat:openshift_distributed_tracing:3.5::el8	RHSA-2025:2789	2025-03-13T00:00:00Z

References

Link	Providers
https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
https://nvd.nist.gov/vuln/detail/CVE-2024-56171
https://security.netapp.com/advisory/ntap-20250328-0010/
https://www.cve.org/CVERecord?id=CVE-2024-56171

History

Fri, 04 Apr 2025 03:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.16::el9

Thu, 03 Apr 2025 03:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Core Services
CPEs		cpe:/a:redhat:jboss_core_services:1
Vendors & Products		Redhat jboss Core Services

Fri, 28 Mar 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Ai
CPEs		cpe:/a:redhat:openshift_ai:2.16::el8
Vendors & Products		Redhat openshift Ai
References		https://security.netapp.com/advisory/ntap-20250328-0010/

Thu, 27 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.15::el9 cpe:/a:redhat:openshift:4.17::el9

Wed, 26 Mar 2025 03:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:openshift:4.18::el9

Thu, 20 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift
CPEs		cpe:/a:redhat:openshift:4.13::el9
Vendors & Products		Redhat openshift

Fri, 14 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat openshift Distributed Tracing
CPEs		cpe:/a:redhat:openshift_distributed_tracing:3.5::el8
Vendors & Products		Redhat openshift Distributed Tracing

Thu, 13 Mar 2025 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux
CPEs		cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_eus:9.4 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat enterprise Linux

Wed, 12 Mar 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Els
CPEs		cpe:/o:redhat:rhel_els:7
Vendors & Products		Redhat rhel Els

Wed, 12 Mar 2025 07:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_aus:8.2 cpe:/a:redhat:rhel_aus:8.4 cpe:/a:redhat:rhel_e4s:8.4 cpe:/a:redhat:rhel_tus:8.4

Tue, 11 Mar 2025 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Aus Redhat rhel Tus
CPEs		cpe:/a:redhat:rhel_aus:8.6 cpe:/a:redhat:rhel_e4s:8.6 cpe:/a:redhat:rhel_eus:8.8 cpe:/a:redhat:rhel_tus:8.6
Vendors & Products		Redhat rhel Aus Redhat rhel Tus

Mon, 10 Mar 2025 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat rhel E4s Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_e4s:9.0 cpe:/a:redhat:rhel_eus:9.2
Vendors & Products		Redhat Redhat rhel E4s Redhat rhel Eus

Wed, 19 Feb 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 19 Feb 2025 14:00:00 +0000

Type	Values Removed	Values Added
Title		libxml2: Use-After-Free in libxml2
References		https://nvd.nist.gov/vuln/detail/CVE-2024-56171 https://www.cve.org/CVERecord?id=CVE-2024-56171
Metrics	threat_severity `None`	threat_severity `Important`

Tue, 18 Feb 2025 22:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N'}`

Tue, 18 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Description		libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.
References		https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-02-18T00:00:00.000Z

Updated: 2025-03-28T15:03:06.595Z

Reserved: 2024-12-18T00:00:00.000Z

Link: CVE-2024-56171

Vulnrichment

Updated: 2025-03-28T15:03:06.595Z

NVD

Status : Awaiting Analysis

Published: 2025-02-18T22:15:12.797

Modified: 2025-03-28T15:15:46.003

Link: CVE-2024-56171

Redhat

Severity : Important

Publid Date: 2025-02-18T00:00:00Z

Links: CVE-2024-56171 - Bugzilla

{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-56171", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-28T15:03:06.595Z", "dateReserved": "2024-12-18T00:00:00.000Z", "datePublished": "2025-02-18T00:00:00.000Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "libxml2", "vendor": "xmlsoft", "versions": [{"lessThan": "2.12.10", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "2.13.6", "status": "affected", "version": "2.13.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-02-18T22:10:20.934Z"}, "references": [{"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"}}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.12.10"}, {"vulnerable": true, "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.13.0", "versionEndExcluding": "2.13.6"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-19T16:26:31.484719Z", "id": "CVE-2024-56171", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T16:26:41.297Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250328-0010/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-03-28T15:03:06.595Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://security.netapp.com/advisory/ntap-20250328-0010/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-03-28T15:03:06.595Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-56171", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-19T16:26:31.484719Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-19T16:26:36.659Z"}}], "cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"}}], "affected": [{"vendor": "xmlsoft", "product": "libxml2", "versions": [{"status": "affected", "version": "0", "lessThan": "2.12.10", "versionType": "semver"}, {"status": "affected", "version": "2.13.0", "lessThan": "2.13.6", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"}], "x_generator": {"engine": "enrichogram 0.0.1"}, "descriptions": [{"lang": "en", "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.12.10"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2.13.6", "versionStartIncluding": "2.13.0"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-02-18T22:10:20.934Z"}}}, "cveMetadata": {"cveId": "CVE-2024-56171", "state": "PUBLISHED", "dateUpdated": "2025-03-28T15:03:06.595Z", "dateReserved": "2024-12-18T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-02-18T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used."}, {"lang": "es", "value": "libxml2 antes de 2.12.10 y 2.13.x antes de 2.13.6 tiene un use-after-free en xmlschemaidcfillNodetable y xmlschemabubbleIdcnodetable en xmlschemas.c. Para explotar esto, un documento XML manipulado debe validarse contra un esquema XML con ciertas restricciones de identidad manipulado El esquema XML manipulado debe usarse."}], "id": "CVE-2024-56171", "lastModified": "2025-03-28T15:15:46.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.8, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-02-18T22:15:12.797", "references": [{"source": "cve@mitre.org", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20250328-0010/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:2673", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "libxml2-0:2.9.1-6.el7_9.9", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:2686", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-19.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:2686", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "libxml2-0:2.9.7-19.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:2654", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "libxml2-0:2.9.7-9.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2660", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "libxml2-0:2.9.7-9.el8_4.5", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2660", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "libxml2-0:2.9.7-9.el8_4.5", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2660", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "libxml2-0:2.9.7-9.el8_4.5", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-03-11T00:00:00Z"}, {"advisory": "RHSA-2025:2513", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "libxml2-0:2.9.7-13.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2513", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "libxml2-0:2.9.7-13.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2513", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "libxml2-0:2.9.7-13.el8_6.8", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2507", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "libxml2-0:2.9.7-16.el8_8.7", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2679", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "libxml2-0:2.9.13-6.el9_5.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:2679", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "libxml2-0:2.9.13-6.el9_5.2", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:2483", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "libxml2-0:2.9.13-1.el9_0.4", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2482", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "libxml2-0:2.9.13-3.el9_2.6", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-03-10T00:00:00Z"}, {"advisory": "RHSA-2025:2678", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "libxml2-0:2.9.13-9.el9_4", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-03-12T00:00:00Z"}, {"advisory": "RHSA-2025:2701", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "rhcos-413.92.202503112237-0", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2025-03-20T00:00:00Z"}, {"advisory": "RHSA-2025:3055", "cpe": "cpe:/a:redhat:openshift:4.15::el9", "package": "rhcos-415.92.202503190057-0", "product_name": "Red Hat OpenShift Container Platform 4.15", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3301", "cpe": "cpe:/a:redhat:openshift:4.16::el9", "package": "rhcos-416.94.202503252048-0", "product_name": "Red Hat OpenShift Container Platform 4.16", "release_date": "2025-04-03T00:00:00Z"}, {"advisory": "RHSA-2025:3059", "cpe": "cpe:/a:redhat:openshift:4.17::el9", "package": "rhcos-417.94.202503172033-0", "product_name": "Red Hat OpenShift Container Platform 4.17", "release_date": "2025-03-26T00:00:00Z"}, {"advisory": "RHSA-2025:3066", "cpe": "cpe:/a:redhat:openshift:4.18::el9", "package": "rhcos-418.94.202503181639-0", "product_name": "Red Hat OpenShift Container Platform 4.18", "release_date": "2025-03-25T00:00:00Z"}, {"advisory": "RHSA-2025:3453", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "libxml2", "product_name": "Text-Only JBCS", "release_date": "2025-04-02T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8:sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8:sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8:sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8:sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8:sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8:sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8:sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8:sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8:sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-model-controller-rhel8:sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-modelmesh-rhel8:sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8:sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3368", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8:sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-27T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8:sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8:sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8:sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8:sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8:sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8:sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8:sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8:sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8:sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-model-controller-rhel8:sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-modelmesh-rhel8:sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8:sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:3397", "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8", "package": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8:sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5", "product_name": "Red Hat OpenShift AI 2.16", "release_date": "2025-03-31T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel8:sha256:8b7455c14f26b80006568829343688b50ad1c563d339c35f70eb7d561499bc1c", "product_name": "Red Hat OpenShift distributed tracing 3.5", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-rhel8-operator:sha256:adb1f41e544331b0936c6591edb00c169a9e5a2592c12f6ee55aaab8786ff5ba", "product_name": "Red Hat OpenShift distributed tracing 3.5", "release_date": "2025-03-13T00:00:00Z"}, {"advisory": "RHSA-2025:2789", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "package": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel8:sha256:cced4191c3e84f44eca2ed486592c473f97fd5cd0941edb9d216051802dad3f7", "product_name": "Red Hat OpenShift distributed tracing 3.5", "release_date": "2025-03-13T00:00:00Z"}], "bugzilla": {"description": "libxml2: Use-After-Free in libxml2", "id": "2346416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema."], "name": "CVE-2024-56171", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2025-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56171\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56171\nhttps://gitlab.gnome.org/GNOME/libxml2/-/issues/828"], "statement": "This vulnerability is rated as important because it involves a use-after-free flaw in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions. A maliciously crafted XML document or schema, containing specific identity constraints, can be used to trigger this vulnerability and potentially gain unauthorized access or cause a denial-of-service condition.", "threat_severity": "Important"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object