CVE-2024-25062

{"id": "CVE-2024-25062", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-02-04T16:15:45.120", "references": [{"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604", "tags": ["Exploit", "Issue Tracking"], "source": "cve@mitre.org"}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags", "tags": ["Release Notes"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validaci\u00f3n DTD y la expansi\u00f3n XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free de xmlValidatePopElement."}], "lastModified": "2024-02-13T00:40:40.503", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "971ACB1F-3D2E-4CBD-A75C-F58063898438", "versionEndExcluding": "2.11.7"}, {"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4CEB958-63E0-4939-9520-406AB65425C9", "versionEndExcluding": "2.12.5", "versionStartIncluding": "2.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}