CVE-2024-56171

libxml2: Use-After-Free in libxml2

Description

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

INFO

Published Date :

2025-02-18T00:00:00.000Z

Last Modified :

2025-11-03T20:49:05.224Z

Source :

mitre

AFFECTED PRODUCTS

The following products are affected by CVE-2024-56171 vulnerability.

Vendors	Products
Netapp	Active Iq Unified Manager H300s H300s Firmware H410c H410c Firmware H410s H410s Firmware H500s H500s Firmware H700s H700s Firmware Hci Compute Node Manageability Software Development Kit Ontap Solidfire \& Hci Management Node
Redhat	Enterprise Linux Jboss Core Services Network Observ Optr Openshift Openshift Ai Openshift Distributed Tracing Rhel Aus Rhel E4s Rhel Els Rhel Eus Rhel Tus Service Interconnect
Xmlsoft	Libxml2

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56171.

URL	Resource
http://seclists.org/fulldisclosure/2025/Apr/10
http://seclists.org/fulldisclosure/2025/Apr/11
http://seclists.org/fulldisclosure/2025/Apr/12
http://seclists.org/fulldisclosure/2025/Apr/13
http://seclists.org/fulldisclosure/2025/Apr/4
http://seclists.org/fulldisclosure/2025/Apr/5
http://seclists.org/fulldisclosure/2025/Apr/8
http://seclists.org/fulldisclosure/2025/Apr/9
https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
https://lists.debian.org/debian-lts-announce/2025/02/msg00028.html
https://nvd.nist.gov/vuln/detail/CVE-2024-56171
https://security.netapp.com/advisory/ntap-20250328-0010/
https://www.cve.org/CVERecord?id=CVE-2024-56171

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact