Lucene search

K
cve[email protected]CVE-2022-40303
HistoryNov 23, 2022 - 12:15 a.m.

CVE-2022-40303

2022-11-2300:15:11
CWE-190
web.nvd.nist.gov
230
8
cve-2022-40303
libxml2
overflow
segmentation fault
xml_parse_huge
nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Affected configurations

NVD
Node
xmlsoftlibxml2Range<2.10.3
Node
netappactive_iq_unified_managerMatch-vsphere
OR
netappclustered_data_ontapMatch-
OR
netappclustered_data_ontap_antivirus_connectorMatch-
OR
netappnetapp_manageability_sdkMatch-
OR
netappontap_select_deploy_administration_utilityMatch-
OR
netappsnapmanagerMatch-hyper-v
Node
appleipadosRange<15.7.2
OR
appleiphone_osRange<15.7.2
OR
applemacosRange11.011.7.2
OR
applemacosRange12.012.6.2
OR
appletvosRange<16.2
OR
applewatchosRange<9.2
Node
netapph300s_firmwareMatch-
AND
netapph300sMatch-
Node
netapph500s_firmwareMatch-
AND
netapph500sMatch-
Node
netapph700s_firmwareMatch-
AND
netapph700sMatch-
Node
netapph410s_firmwareMatch-
AND
netapph410sMatch-
Node
netapph410c_firmwareMatch-
AND
netapph410cMatch-
CPENameOperatorVersion
xmlsoft:libxml2xmlsoft libxml2lt2.10.3

Social References

More

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%