HIGH · 7.8

CVE-2024-56171

Vulnerability Description

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

CVSS Score

7.8 HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Xmlsoft | Libxml2 | < 2.12.10 |
| Netapp | Hci Compute Node | - |
| Netapp | H410C Firmware | - |
| Netapp | H410C | - |
| Netapp | H300S Firmware | - |
| Netapp | H300S | - |
| Netapp | H500S Firmware | - |
| Netapp | H500S | - |
| Netapp | H700S Firmware | - |
| Netapp | H700S | - |
| Netapp | H410S Firmware | - |
| Netapp | H410S | - |
| Netapp | Active Iq Unified Manager | - |
| Netapp | Manageability Software Development Kit | - |
| Netapp | Ontap | 9 |
| Netapp | Solidfire & Hci Management Node | - |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2024-56171?

CVE-2024-56171 is a vulnerability with a CVSS score of 7.8 (HIGH). libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

How severe is CVE-2024-56171?

CVE-2024-56171 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2024-56171?

Check the references section above for vendor advisories and patch information. Affected products include: Xmlsoft Libxml2, Netapp Hci Compute Node, Netapp H410C Firmware, Netapp H410C, Netapp H300S Firmware.