[BUG] CVE-2022-49043 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free. #17467

Open
maxlepikhin opened this issue Feb 26, 2025 · 0 comments
Labels
bug Something isn't working _No response_ untriaged

Comments

@maxlepikhin

Describe the bug

Trivy security scanning flagged libxml2 due to this CVE:
CVE-2022-49043

Related component

No response

To Reproduce

```
docker run -it --entrypoint=/bin/bash opensearchproject/opensearch:2.19.0
ls /usr/lib64 | grep libxml
```

Observe the output:

```
libxml2.so.2
libxml2.so.2.10.4
```

Expected behavior

Trivy does not flag libxml2 library.

Additional Details

Plugins
N/A

Screenshots
N/A

Host/Environment (please complete the following information):
Ubuntu 24.04

Additional context
N/A

@maxlepikhin maxlepikhin added bug Something isn't working untriaged labels Feb 26, 2025
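
A triage check for the listing above, as an added example that is not part of the original issue or of the OpenSearch project: it pulls the libxml2 version out of the shared-object file names and compares it numerically with 2.11.0, the first unaffected release named in the issue title. The function names and the sample listing are constructed for illustration, and the check assumes the file name carries the full MAJOR.MINOR.PATCH version.

```shell
#!/bin/sh
# Added example (not from the issue): flag libxml2 shared objects whose
# file-name version is lower than the first unaffected release.
# Assumption: files are named libxml2.so.MAJOR.MINOR.PATCH, as in the issue.
# Note: POSIX sh has no local variables, so the helpers use globals.

FIXED_VERSION="2.11.0"   # "before 2.11.0" per the issue title

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Components are compared as integers, so 2.9.14 < 2.11.0 holds.
version_lt() {
  a=$1 b=$2
  for i in 1 2 3; do
    x=${a%%.*}; y=${b%%.*}
    [ "$x" -lt "$y" ] && return 0
    [ "$x" -gt "$y" ] && return 1
    # Drop the leading component; when none remain, compare against 0.
    case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
    case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
  done
  return 1
}

# affected_libxml2: read a directory listing on stdin and print every
# libxml2 version found that is lower than FIXED_VERSION.
affected_libxml2() {
  while IFS= read -r name; do
    case $name in
      libxml2.so.*.*.*) ver=${name#libxml2.so.} ;;
      *) continue ;;   # skips the bare soname link libxml2.so.2
    esac
    # Reject anything that is not a clean digits-and-dots version.
    case $ver in *[!0-9.]*|*..*|.*|*.) continue ;; esac
    if version_lt "$ver" "$FIXED_VERSION"; then
      printf '%s\n' "$ver"
    fi
  done
}

# Constructed sample input: the two lines reported in the issue.
sample_listing() {
  printf '%s\n' 'libxml2.so.2' 'libxml2.so.2.10.4'
}

sample_listing | affected_libxml2
```

A file-name version cannot show whether a distribution has backported the fix into an older release, so confirm a hit against the image's package manager and the vendor advisory before treating the library as affected.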