CVE-2022-49043

8.1 HIGH

📋 TL;DR

CVE-2022-49043 is a use-after-free vulnerability in libxml2's xmlXIncludeAddNode function that allows attackers to execute arbitrary code or cause denial of service. This affects any application that uses libxml2 to parse XML documents with XInclude processing enabled. The vulnerability is particularly dangerous for applications that process untrusted XML input.

💻 Affected Systems

Products:
  • libxml2
  • PHP (when compiled with libxml2)
  • GNOME applications
  • various Linux packages using libxml2
Versions: libxml2 versions before 2.11.0
Operating Systems: Linux, Unix-like systems, Any OS using vulnerable libxml2
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that enable XInclude processing (xmlXIncludeProcess or similar). Many XML parsers disable XInclude by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crash causing denial of service, potentially leading to data corruption or service disruption.

🟢 If Mitigated: Limited impact with proper input validation and sandboxing, potentially just application instability.

🌐 Internet-Facing: HIGH - Many web applications and services process XML from untrusted sources.
🏢 Internal Only: MEDIUM - Internal applications may still process XML from less-trusted sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting malicious XML with XInclude directives. No public exploits known as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libxml2 2.11.0 or later

Vendor Advisory: https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

Restart Required: No

Instructions:

1. Update libxml2 to version 2.11.0 or later.
2. For Linux distributions: use the package manager (apt update && apt upgrade libxml2, yum update libxml2, etc.).
3. Recompile applications if statically linked.
4. Restart affected services.

🔧 Temporary Workarounds

Disable XInclude Processing

Applies to: all

Configure applications to disable XInclude processing when parsing untrusted XML.

Set XML_PARSE_NOXINCNODE flag in libxml2 parser options

🧯 If You Can't Patch

  • Disable XInclude processing in all XML parsers
  • Implement strict XML input validation and sanitization

🔍 How to Verify

Check if Vulnerable:

Check libxml2 version: xml2-config --version or dpkg -l libxml2 | grep ^ii

Check Version:

xml2-config --version || dpkg -l libxml2 | grep ^ii || rpm -q libxml2

Verify Fix Applied:

Verify version is 2.11.0 or higher: xml2-config --version
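The version checks above, turned into a script, as an added example (not from this advisory or the libxml2 project): it reads the installed version from whichever of xml2-config, pkg-config, dpkg-query or rpm is present, strips distribution epochs and suffixes, and compares numerically against the 2.11.0 fix release named above. The FIXED_VERSION constant, the function names and the version strings used in the comments are assumptions made for the example.

```shell
#!/bin/sh
# Added example: compare the installed libxml2 version against the release
# that the advisory names as carrying the fix for CVE-2022-49043 (2.11.0).

FIXED_VERSION="2.11.0"

# version_ge A B: succeed when dotted version A >= B, comparing up to three
# numeric components; missing components are padded with 0.
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        c1=$(printf '%s.0.0.0' "$1" | cut -d. -f"$i")
        c2=$(printf '%s.0.0.0' "$2" | cut -d. -f"$i")
        if [ "$c1" -gt "$c2" ]; then return 0; fi
        if [ "$c1" -lt "$c2" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Normalise a distribution version string (constructed example:
# "1:2.9.14+dfsg-1.3~deb12u1" -> "2.9.14") and print one of:
# fixed, vulnerable, unknown.
libxml2_status() {
    ver=$(printf '%s\n' "$1" | sed 's/^[0-9]*://; s/[^0-9.].*//')
    if [ -z "$ver" ]; then
        echo "unknown"
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo "fixed"
    else
        echo "vulnerable"
    fi
}

# Ask the host which libxml2 is installed, trying the advisory's commands
# first and then the package managers. Fails when none of them answers.
detect_libxml2_version() {
    found=""
    if command -v xml2-config >/dev/null 2>&1; then
        found=$(xml2-config --version 2>/dev/null) || found=""
    fi
    if [ -z "$found" ] && command -v pkg-config >/dev/null 2>&1; then
        found=$(pkg-config --modversion libxml-2.0 2>/dev/null) || found=""
    fi
    if [ -z "$found" ] && command -v dpkg-query >/dev/null 2>&1; then
        # multiarch hosts may list several architectures; the first is enough
        found=$(dpkg-query -W -f='${Version}\n' libxml2 2>/dev/null | head -n 1) || found=""
    fi
    if [ -z "$found" ] && command -v rpm >/dev/null 2>&1; then
        found=$(rpm -q --qf '%{VERSION}\n' libxml2 2>/dev/null) || found=""
    fi
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Stand-alone run: report the local libxml2 and whether it is past the fix.
if installed=$(detect_libxml2_version); then
    echo "installed libxml2 $installed: $(libxml2_status "$installed")"
else
    echo "libxml2 not detected on this host"
fi
```

A version comparison is the coarse check; distributions often backport a fix without raising the upstream version number, so a "vulnerable" verdict on a vendor package should be confirmed against that vendor's changelog or security tracker before acting on it, while a "fixed" verdict on an upstream build is reliable.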

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory corruption errors in logs
  • Unexpected process termination

Network Indicators:

  • Unusual XML payloads with XInclude directives
  • Repeated XML parsing requests causing crashes

SIEM Query:

process.name: ("php", "application") AND event.action: ("segmentation fault", "SIGSEGV")
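The log and network indicators above, run over sample data, as an added example that is not part of the advisory: one function counts lines of an XML payload that carry XInclude markup (the namespace URI or a prefixed include element), one counts segfault reports in a log excerpt, and one narrows those to crashes inside libxml2 itself. The XML documents and log lines are constructed for the example, and the regular expressions are the author's assumptions about typical kernel and php-fpm crash messages, not a vendor signature.

```shell
#!/bin/sh
# Added example: grep-based triage for the indicator classes the advisory
# lists. All sample inputs below are constructed, not captured data.

# Constructed XML payload that carries XInclude markup.
XML_WITH_XINCLUDE='<?xml version="1.0"?>
<report xmlns:xi="http://www.w3.org/2001/XInclude">
  <xi:include href="chapter1.xml"/>
</report>'

# Constructed XML payload with no XInclude markup.
XML_PLAIN='<?xml version="1.0"?>
<report><title>quarterly</title></report>'

# Constructed log excerpt: a php-fpm worker dying inside libxml2, plus noise.
LOG_SAMPLE='Jan 12 10:15:01 web01 kernel: php-fpm[2231]: segfault at 8 ip 00007f3a1c2b4e10 sp 00007ffd0c1e2a40 error 4 in libxml2.so.2[7f3a1c290000+1a0000]
Jan 12 10:15:02 web01 php-fpm[2200]: WARNING: [pool www] child 2231 exited on signal 11 (SIGSEGV) after 12.345 seconds from start
Jan 12 10:16:00 web01 sshd[300]: Accepted publickey for deploy from 10.0.0.5 port 51234'

# Count lines of the XML in $1 that carry XInclude markup: the XInclude
# namespace URI, or a prefixed <prefix:include ...> element.
count_xinclude_lines() {
    printf '%s\n' "$1" | grep -E -c 'w3\.org/2001/XInclude|<[A-Za-z_][A-Za-z0-9_.-]*:include[[:space:]/>]' || true
}

# Count crash lines in the log in $1: kernel segfault reports and worker
# managers reporting signal 11 (the "Log Indicators" above).
count_crash_lines() {
    printf '%s\n' "$1" | grep -E -i -c 'segfault at|sigsegv|signal 11' || true
}

# Narrow the crash lines to those whose faulting object is libxml2, which is
# what separates a candidate for this CVE from unrelated segfaults.
count_libxml2_crash_lines() {
    printf '%s\n' "$1" | grep -E -c 'segfault at.*libxml2\.so' || true
}

# Stand-alone run over the constructed samples.
echo "xinclude lines (payload):  $(count_xinclude_lines "$XML_WITH_XINCLUDE")"
echo "xinclude lines (plain):    $(count_xinclude_lines "$XML_PLAIN")"
echo "crash lines:               $(count_crash_lines "$LOG_SAMPLE")"
echo "crash lines in libxml2:    $(count_libxml2_crash_lines "$LOG_SAMPLE")"
```

Both counts are triage heuristics rather than proof: XInclude markup in a payload only matters where the receiving application enables XInclude processing (see the Notes under Affected Systems), and a segfault attributed to libxml2 can have other causes, so the result of either check is a prompt to pull the core dump or the full request, not a verdict. The process names in the SIEM query above should likewise be replaced with the actual names of the services that link libxml2 on the monitored hosts.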
