ГлавнаяУязвимости → CVE-2024-56171
7.8высокая

CVE-2024-56171

→ есть в БДУ: BDU:2025-06438 (на русском)
Описание (на английском; русское — в БДУ выше)

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

Затрагиваемое ПО
Xmlsoft Libxml2Netapp Hci compute nodeNetapp H410c firmwareNetapp H410cNetapp H300s firmwareNetapp H300sNetapp H500s firmwareNetapp H500sNetapp H700s firmwareNetapp H700sNetapp H410s firmwareNetapp H410sNetapp Active iq unified managerNetapp Manageability software development kitNetapp OntapNetapp Solidfire \& hci management node
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Источники
https://gitlab.gnome.org/GNOME/libxml2/-/issues/828http://seclists.org/fulldisclosure/2025/Apr/10http://seclists.org/fulldisclosure/2025/Apr/11http://seclists.org/fulldisclosure/2025/Apr/12http://seclists.org/fulldisclosure/2025/Apr/13http://seclists.org/fulldisclosure/2025/Apr/4http://seclists.org/fulldisclosure/2025/Apr/5http://seclists.org/fulldisclosure/2025/Apr/8