A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path=…/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the programs crash using libxml or other possible undefined behaviors.
The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Red Hat Enterprise Linux 10 | RedHat | libxml2-0:2.12.5-7.el10_0 | * |
| Red Hat Enterprise Linux 7 Extended Lifecycle Support | RedHat | libxml2-0:2.9.1-6.el7_9.10 | * |
| Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-21.el8_10.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | libxml2-0:2.9.7-21.el8_10.1 | * |
| Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | libxml2-0:2.9.7-9.el8_2.3 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | libxml2-0:2.9.7-9.el8_4.6 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | libxml2-0:2.9.7-9.el8_4.6 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | libxml2-0:2.9.7-13.el8_6.10 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | libxml2-0:2.9.7-13.el8_6.10 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.7-13.el8_6.10 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | libxml2-0:2.9.7-16.el8_8.9 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.7-16.el8_8.9 | * |
| Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-10.el9_6 | * |
| Red Hat Enterprise Linux 9 | RedHat | libxml2-0:2.9.13-10.el9_6 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.13-1.el9_0.5 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | libxml2-0:2.9.13-3.el9_2.7 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | libxml2-0:2.9.13-10.el9_4 | * |
| Red Hat JBoss Core Services 2.4.62.SP2 | RedHat | libxml2 | * |
| Red Hat OpenShift Container Platform 4.13 | RedHat | rhcos | * |
| Red Hat OpenShift Container Platform 4.14 | RedHat | rhcos | * |
| Red Hat OpenShift Container Platform 4.17 | RedHat | rhcos | * |
| Red Hat OpenShift Container Platform 4.18 | RedHat | rhcos | * |
| Red Hat OpenShift Container Platform 4.19 | RedHat | rhcos | * |
| Red Hat OpenShift Container Platform 4.20 | RedHat | rhcos | * |
| Red Hat Web Terminal 1.11 on RHEL 9 | RedHat | web-terminal/web-terminal-rhel9-operator:1.11-19 | * |
| Red Hat Web Terminal 1.11 on RHEL 9 | RedHat | web-terminal/web-terminal-tooling-rhel9:1.11-8 | * |
| Red Hat Web Terminal 1.12 on RHEL 9 | RedHat | web-terminal/web-terminal-tooling-rhel9:1.12-4 | * |
| Cert-manager operator for Red Hat OpenShift 1.16 | RedHat | cert-manager/jetstack-cert-manager-rhel9:sha256:1abdfac084e7c86e7a93a19e5cf6b54db79b903bfb7474a42200f753b29eda4b | * |
| Red Hat Insights proxy 1.5 | RedHat | insights-proxy/insights-proxy-container-rhel9:sha256:c26d589f12647890b67aaa986f54d3f7c6f7f2563fb5a73f38d559e6138739d7 | * |
| Libxml2 | Ubuntu | esm-infra-legacy/trusty | * |
| Libxml2 | Ubuntu | esm-infra/bionic | * |
| Libxml2 | Ubuntu | esm-infra/focal | * |
| Libxml2 | Ubuntu | esm-infra/xenial | * |
| Libxml2 | Ubuntu | jammy | * |
| Libxml2 | Ubuntu | noble | * |
| Libxml2 | Ubuntu | oracular | * |
| Libxml2 | Ubuntu | plucky | * |
| Libxml2 | Ubuntu | upstream | * |