CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-56171

Medium Severity
SVRS
36/100
CVSSv3
7.8/10
EPSS
0.00006/1

CVE-2024-56171 is a use-after-free vulnerability found in libxml2. This flaw allows attackers to potentially execute arbitrary code through a crafted XML document or schema. Specifically, the vulnerability exists within the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions within xmlschemas.c. Successful exploitation requires a specially crafted XML document validated against an XML schema with specific identity constraints. Although the CVSS score is 7.8 (High), the SOCRadar Vulnerability Risk Score (SVRS) is 36, indicating a moderate risk level despite the "In The Wild" tag. The risk is still significant because successful exploitation could lead to denial of service or arbitrary code execution, compromising the integrity and availability of systems using the vulnerable libxml2 library. Therefore, patching to versions 2.12.10 or 2.13.6 is recommended to mitigate this cybersecurity threat.

TAGS
In The Wild
VECTOR STRING
CVSS:3.1
AV:L
AC:H
PR:N
UI:N
S:C
C:H
I:H
A:N
PUBLICATION DATE2025-02-18
LAST MODIFIED2025-03-28
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-56171 describes a use-after-free vulnerability in libxml2 versions before 2.12.10 and 2.13.x before 2.13.6. This vulnerability exists within the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions in xmlschemas.c. Successful exploitation requires the processing of a specially crafted XML document validated against an XML schema with specific identity constraints, or the processing of a malicious XML schema. While the CVSS score is 7.8, indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 36. However, it's important to note that this vulnerability is actively exploited in the wild.

Key Insights

  1. Use-After-Free: The core issue is a use-after-free, a type of memory corruption vulnerability. This means that memory is freed, and then a pointer to that memory is dereferenced. This can lead to crashes, arbitrary code execution, or information disclosure.

  2. Exploitation Trigger: Exploitation hinges on carefully crafted XML documents and schemas that trigger the vulnerability within the schema validation process. Specifically, XML documents must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

  3. Library Prevalence: libxml2 is a widely used library for parsing XML documents, meaning this vulnerability could impact a broad range of applications and systems that rely on it.

  4. In the Wild Exploitation: The tag "In The Wild" indicates that the vulnerability is actively exploited by hackers, increasing the urgency of addressing the vulnerability.

Mitigation Strategies

  1. Immediate Update: Upgrade libxml2 to version 2.12.10 or 2.13.6 or later as soon as possible. This is the most effective way to eliminate the vulnerability.

  2. Input Validation and Sanitization: Implement rigorous input validation and sanitization for XML documents and schemas. Restrict the use of external schemas if possible.

  3. Runtime Monitoring: Deploy runtime monitoring and intrusion detection systems to detect and prevent exploitation attempts targeting this vulnerability. Look for suspicious XML parsing activity.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

USN-7302-1: libxml2 vulnerabilities
2025-02-26
USN-7302-1: libxml2 vulnerabilities | It was discovered that libxml2 incorrectly handled certain memory operations. A remote attacker could use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2022-49043) It was discovered that the libxml2 xmllint tool incorrectly handled certain memory operations. If a user or automated system were tricked into running xmllint on a specially crafted xml file, a remote attacker could cause xmllint to crash, resulting in a denial of service. This
ubuntu.com
rss
forum
news
Multiple vulnerabilities in libxml2
2025-02-18
Multiple vulnerabilities in libxml2 | Posted by Nick Wellnhofer on Feb 18These issues are fixed in 2.12.10, 2.13.6 and the upcoming 2.14.0 release. Older branches won't receive official updates. [CVE-2024-56171] Use-after-free in xmlSchemaIDCFillNodeTables https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 [CVE-2025-24928] Stack-buffer-overflow in xmlSnprintfElements https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
seclists.org
rss
forum
news
CVE-2024-56171 | xmlsoft libxml2 up to 2.12.9/2.13.5 /xmlschemas.c xmlSchemaIDCFillNodeTables use after free (Issue 828)
vuldb.com2025-02-18
CVE-2024-56171 | xmlsoft libxml2 up to 2.12.9/2.13.5 /xmlschemas.c xmlSchemaIDCFillNodeTables use after free (Issue 828) | A vulnerability was found in xmlsoft libxml2 up to 2.12.9/2.13.5 and classified as critical. Affected by this issue is the function xmlSchemaIDCFillNodeTables of the file /xmlschemas.c. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-56171
vuldb.com
rss
forum
news

Social Media

🚨 Lambda Watchdog detected a new HIGH severity CVE 🚨 CVE-2024-56171 was detected in the latest AWS Lambda image scan affecting the libxml2 package in 9 images. Check the full report 👉 https://t.co/6EUGaPyRZk #AWS #Lambda #CVE #CloudSecurity #Serverless
0
0
0
CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution https://t.co/jpjfjZXYBJ
0
0
0
Multiple vulnerabilities (CVE-2024-56171 & CVE-2025-24928) in Libxml2 could lead to code execution & denial of service. Updates (2.12.10 & 2.13.6) are critical for security. 🛡️🔒 #Libxml2 #SecurityUpdate #Germany link: https://t.co/nHacQ7bODu https://t.co/jPoQPpaE2f
0
0
0
CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution https://t.co/4HgCAbQ9Gx
0
2
4
Two vulnerabilities in Libxml2, CVE-2024-56171 and CVE-2025-24928, may permit code execution, posing significant risks (https://t.co/ukNicN0KUE). Developers using this library should assess exposure promptly. #cybersecurity #CVE
0
0
0
CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution Explore the vulnerabilities in libxml2, CVE-2025-24928 & CVE-2024-56171, and learn how it affects XML parsing security https://t.co/vctF5gVGrU
0
0
0
🗣 CVE-2024-56171 & CVE-2025-24928: Libxml2 Flaws Could Lead to Code Execution https://t.co/0uT5iuQnqG
0
0
0
RubySec ➜ GHSA-vvfq-8hwr-qm4m (nokogiri): Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 https://t.co/wcIUG1sWOy
0
0
0
CVE-2024-56171 libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, … https://t.co/xFymsdPpdH
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
AF854A3A-2127-422B-91AE-364DA2661108https://security.netapp.com/advisory/ntap-20250328-0010/
[email protected]https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
GITHUBhttps://gitlab.gnome.org/GNOME/libxml2/-/issues/828

CWE Details

CWE IDCWE NameDescription
CWE-416Use After FreeReferencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence