6931 matches found
PT-2022-36697 · Libxml2 · Libxml2
Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: The issue is related to a heap-use-after-free error. Technical details about the crash include the xmlXIncludeCopyXPointer, xmlXIncludeDoProcess, and xmlXIncludeProcessTreeFlagsData...
CVE-2022-40304
A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free...
CVE-2022-40303
A flaw was found in libxml2. Parsing an XML document with the XML_PARSE_HUGE option enabled can result in an integer overflow because safety checks were missing in some functions. Also, the xmlParseEntityValue function didn't have any length limitation...
Denial Of Service (DoS)
libxml2 is vulnerable to denial of service (DoS) attacks. A malicious user is able to cause an integer overflow leading to a segmentation fault through a multi-gigabyte XML document when the XML_PARSE_HUGE parser option is enabled, causing the application to crash...
Double Free
libxml2 is vulnerable to double free. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary which may become corrupted resulting in logic errors, including memory errors like double free...
Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Summary: Nokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to v2.10.3 from v2.9.14. libxml2 v2.10.3 addresses the following known vulnerabilities: CVE-2022-2309, CVE-2022-40304, CVE-2022-40303. Please note that this advisory only applies to the CRuby implementation of...
NULL Pointer Dereference
Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to NULL Pointer Dereference due to the usage of a vulnerable version of the bundled libxml2 package. Remediation: Upgrade nokogiri to version 1.13.9 or higher. References: GitHub...
GHSA-2QC6-MCVW-92CW Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Summary: Nokogiri v1.13.9 upgrades the packaged version of its dependency libxml2 to v2.10.3 from v2.9.14. libxml2 v2.10.3 addresses the following known vulnerabilities: CVE-2022-2309, CVE-2022-40304, CVE-2022-40303. Please note that this advisory only applies to the CRuby implementation of...
GLSA-202210-03 : libxml2: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202210-03 (libxml2: Multiple Vulnerabilities): - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308) - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree....
libxml2: Multiple Vulnerabilities
Background: libxml2 is the XML C parser and toolkit developed for the GNOME project. Description: Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact: Please review the referenced CVE identifiers for details. Workaround: The...
libxml2 resource management error vulnerability
libxml2 is an open source library used to parse XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. A resource management error vulnerability exists in libxml2. No information about this vulnerability is available at this time, please stay tuned to CNNVD o...
libxml2 input validation error vulnerability
libxml2 is an open source library used to parse XML documents. It is written in C and can be called by many languages, such as C, C++, XSH. An input validation error vulnerability exists in libxml2. No information about this vulnerability is available at this time, please stay tuned to CNNVD or...
CVE-2021-42523
There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c respectively. They exist because the 'errmsg' of 'sqlite3_exec' is not released after use, while libxml2 emphasizes that the caller needs to release it...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2022-2572)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS Virtualization 3.0.6.0 : libxml2 (EulerOS-SA-2022-2572)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. (CVE-2022-23308) - In libxml2 before 2.9.14,...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2022-2517)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2022-2471)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux 2 : libxml2 (ALAS-2022-1848)
The version of libxml2 installed on the remote host is prior to 2.9.1-6. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1848 advisory. A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input...
EulerOS 2.0 SP8 : python-lxml (EulerOS-SA-2022-2478)
According to the versions of the python-lxml packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - NULL Pointer Dereference allows attackers to cause a denial of service or application crash. This only applies when lxml is used together...
EulerOS 2.0 SP8 : libxml2 (EulerOS-SA-2022-2471)
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Possible cross-site scripting vulnerability in libxml after commit 960f0e2. (CVE-2016-3709) Note that Tenable Network Security has extracted the...