What is the CVSS score of CVE-2024-56171?

CVE-2024-56171 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.1%.

Which versions of Active Iq Unified Manager are affected by CVE-2024-56171?

Organizations using libxml2 before 2.12.10 and 2.13.x before 2.13.6 face notable risk from CVE-2024-56171, a use-after-free vulnerability rated CVSS 7.8.. A patch is available.

How to fix or mitigate CVE-2024-56171?

Within 7 days: Identify all affected systems and apply vendor patches promptly. If patching is delayed, consider network segmentation to limit exposure.

Active Iq Unified Manager CVE-2024-56171

HIGH

Use After Free (CWE-416)

2025-02-18 cve@mitre.org

Information Disclosure Use After Free Memory Corruption Red Hat Active Iq Unified Manager H300s Firmware H410c Firmware H410s Firmware H500s Firmware H700s Firmware Libxml2 Ontap Solidfire Hci Management Node Suse Hci Compute Node Manageability Software Development Kit

7.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Patch released

Apr 02, 2026 - 20:30 nvd

Patch available

Analysis Generated

Mar 28, 2026 - 18:27 vuln.today

CVE Published

Feb 18, 2025 - 22:15 nvd

HIGH 7.8

DescriptionNVD

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.

AnalysisAI

libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. Affected products include: Xmlsoft Libxml2, Netapp Hci Compute Node, Netapp H410C Firmware, Netapp H300S Firmware, Netapp H500S Firmware. Version information: before 2.12.10.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.