Lucene search
HistoryNov 23, 2022 - 6:15 p.m.
CVE-2022-40304
libxml2
hash table
logic errors
double-free
xml entity
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.5%
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Affected configurations
Node
xmlsoftlibxml2Range<2.10.3
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
ORnetappclustered_data_ontapMatch-
ORnetappclustered_data_ontap_antivirus_connectorMatch-
ORnetappmanageability_software_development_kitMatch-
ORnetappsmi-s_providerMatch-
ORnetappsnapmanagerMatch-hyper-v
Node
netapph300s_firmwareMatch-
netapph300sMatch-
Node
netapph500s_firmwareMatch-
netapph500sMatch-
Node
netapph700s_firmwareMatch-
netapph700sMatch-
Node
netapph410s_firmwareMatch-
netapph410sMatch-
Node
netapph410c_firmwareMatch-
netapph410cMatch-
Node
appleipadosRange<15.7.2
ORappleiphone_osRange<15.7.2
ORapplemacosRange11.0–11.7.2
ORapplemacosRange12.0–12.6.2
ORappletvosRange<16.2
ORapplewatchosRange<9.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| xmlsoft | libxml2 | * | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* |
| netapp | active_iq_unified_manager | - | cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* |
| netapp | clustered_data_ontap | - | cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* |
| netapp | clustered_data_ontap_antivirus_connector | - | cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* |
| netapp | manageability_software_development_kit | - | cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* |
| netapp | smi-s_provider | - | cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:* |
| netapp | snapmanager | - | cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:* |
| netapp | h300s_firmware | - | cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* |
| netapp | h300s | - | cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* |
| netapp | h500s_firmware | - | cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* |
References
seclists.org/fulldisclosure/2022/Dec/21
seclists.org/fulldisclosure/2022/Dec/24
seclists.org/fulldisclosure/2022/Dec/25
seclists.org/fulldisclosure/2022/Dec/26
seclists.org/fulldisclosure/2022/Dec/27
gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
gitlab.gnome.org/GNOME/libxml2/-/tags
gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
security.netapp.com/advisory/ntap-20221209-0003/
support.apple.com/kb/HT213531
support.apple.com/kb/HT213533
support.apple.com/kb/HT213534
support.apple.com/kb/HT213535
support.apple.com/kb/HT213536
Related
alpinelinux
alpinelinux
CVE-2022-40304
2022-11-23 18:15:12
ubuntucve
ubuntucve
CVE-2022-40304
2022-11-23 00:00:00
prion
prion
Double free
2022-11-23 18:15:00
nessus
nessus
F5 Networks BIG-IP : libxml2 vulnerability (K000139594)
2024-05-14 00:00:00
Photon OS 5.0: Libxml2 PHSA-2023-5.0-0008
2024-07-24 00:00:00
cvelist
cvelist
CVE-2022-40304
2022-11-23 00:00:00
veracode
veracode
Double Free
2022-10-19 02:10:03
cve
cve
CVE-2022-40304
2022-11-23 18:15:12
cbl_mariner
cbl_mariner
CVE-2022-40304 affecting package libxml2 2.9.14-2
2022-12-06 23:44:35
CVE-2022-40304 affecting package libxml2 for versions less than 2.10.3-1
2022-12-09 00:19:55
f5
f5
K000139594: libxml2 vulnerability CVE-2022-40304
2024-05-15 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40304)
2023-03-31 17:04:53
osv
osv
CGA-jq9w-vf6c-f4f6
2024-06-06 12:28:16
Moderate: libxml2 security update
2023-01-16 00:00:00
Moderate: libxml2 security update
2023-01-23 00:00:00
redhatcve
redhatcve
CVE-2022-40304
2022-10-19 20:47:20
debiancve
debiancve
CVE-2022-40304
2022-11-23 18:15:12
debian
debian
[SECURITY] [DLA 3172-1] libxml2 security update
2022-10-30 15:57:58
[SECURITY] [DSA 5271-1] libxml2 security update
2022-11-05 19:46:29
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1365)
2023-02-10 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2039)
2023-06-07 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1660)
2023-04-27 00:00:00
aix
aix
AIX is vulnerable to arbitrary code execution due to libxml2
2023-02-08 13:18:47
gentoo
gentoo
libxml2: Multiple Vulnerabilities
2022-10-31 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2023-01-24 00:00:00
libxml2 security update
2023-01-16 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt6.p9.1
2023-02-13 00:00:00
rocky
rocky
libxml2 security update
2023-01-23 14:30:36
libxml2 security update
2023-01-16 09:03:23
fedora
fedora
[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37
2022-11-13 01:14:14
[SECURITY] Fedora 37 Update: libxml2-2.10.3-2.fc37
2022-11-13 01:14:11
[SECURITY] Fedora 36 Update: libxml2-2.10.3-1.fc36
2022-10-25 13:13:35
redhat
redhat
(RHSA-2023:0173) Moderate: libxml2 security update
2023-01-16 09:03:23
(RHSA-2023:0338) Moderate: libxml2 security update
2023-01-23 14:30:36
(RHSA-2024:0413) Moderate: libxml2 security update
2024-01-24 14:40:23
ubuntu
ubuntu
libxml2 vulnerabilities
2022-12-05 00:00:00
libxml2 vulnerabilities
2022-12-05 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2022-11-08 22:44:28
suse
suse
Security update for libxml2 (important)
2022-10-21 00:00:00
Security update for libxml2 (important)
2022-11-04 00:00:00
almalinux
almalinux
Moderate: libxml2 security update
2023-01-16 00:00:00
Moderate: libxml2 security update
2023-01-23 00:00:00
redos
redos
ROS-20221110-01
2022-11-10 00:00:00
amazon
amazon
Medium: libxml2
2023-03-17 16:34:00
Medium: libxml2
2023-04-27 16:19:00
apple
apple
About the security content of iOS 16.1.1 and iPadOS 16.1.1
2022-11-09 00:00:00
About the security content of macOS Ventura 13.0.1
2022-11-09 00:00:00
About the security content of macOS Big Sur 11.7.2
2022-12-13 00:00:00
cloudlinux
cloudlinux
libxml2: Fix of 2 CVEs
2022-12-08 17:47:57
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0008
2023-05-19 00:00:00
Important Photon OS Security Update - PHSA-2022-0546
2022-12-05 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0499
2022-12-06 00:00:00
hivepro
hivepro
Apple addresses the macOS code execution flaws
2022-11-11 13:49:02
github
github
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
2022-10-18 18:12:31
cloudfoundry
cloudfoundry
USN-5760-1: libxml2 vulnerabilities | Cloud Foundry
2023-01-26 00:00:00
slackware
slackware
[slackware-security] libxml2
2023-12-10 01:15:09
rosalinux
rosalinux
Advisory ROSA-SA-2024-2356
2024-02-20 10:05:34
trellix
trellix
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
The Bug Report – November 2022 Edition
2022-12-07 00:00:00
ics
ics
Siemens SIMATIC and SIPLUS
2024-06-13 12:00:00
Siemens TIM 1531 IRC
2024-06-13 12:00:00
Siemens ST7 ScadaConnect
2024-06-13 12:00:00
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.5%
Related for NVD:CVE-2022-40304