PT-2025-1376 · Libxml2+11

Published: 2025-01-26 · Updated: 2025-10-07 · CVE-2022-49043

CVSS v3.1: 8.1 High

Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

libxml2 before 2.11.0 (that is, versions up to 2.10.x) contains a use-after-free flaw in the xmlXIncludeAddNode function in xinclude.c. The flaw can potentially lead to remote code execution, and an exploit for this issue is available. Updating libxml2 to version 2.11.0 or later is recommended. More information about this issue can be found at https://t.co/PiPDOx4jnd and https://t.co/NOrljIDevR.

Fix

DoS

RCE

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2025:1350
ALSA-2025:1517
AZL-55967
BDU:2025-11749
CESA-2025_1517
CVE-2022-49043
DLA-4064-1
DSA-5949-1
ECHO-FD8A-6039-C2C3
INFSA-2025_1350
INFSA-2025_1517
MGASA-2025-0034
OESA-2025-1104
OPENSUSE-SU-2025_0303-1
OPENSUSE-SU-2025_0341-1
OPENSUSE-SU-2025_0348-1
RHSA-2025:1350
RHSA-2025:1516
RHSA-2025:1517
RHSA-2025:2507
RHSA-2025:2678
RHSA-2025_1350
RHSA-2025_1517
RLSA-2025:1517
SUSE-SU-2025:0300-1
SUSE-SU-2025:0303-1
SUSE-SU-2025:0341-1
SUSE-SU-2025:0348-1
SUSE-SU-2025_0300-1
SUSE-SU-2025_0303-1
SUSE-SU-2025_0341-1
SUSE-SU-2025_0348-1
USN-7240-1
USN-7302-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libxml2