Vulnerability CVE-2022-40303: Information
Description
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libxml2 | sisyphus | 2.10.3-alt1 | 2.12.6-alt1 | ALT-PU-2022-2865-1 | 308392 | Fixed |
libxml2 | sisyphus_e2k | 2.10.3-alt1 | 2.12.6-alt1 | ALT-PU-2022-6670-1 | - | Fixed |
libxml2 | sisyphus_riscv64 | 2.10.3-alt1 | 2.12.6-alt1 | ALT-PU-2022-6660-1 | - | Fixed |
libxml2 | p10 | 2.9.12-alt1.p10.1 | 2.9.12-alt1.p10.1 | ALT-PU-2023-1172-1 | 314068 | Fixed |
libxml2 | p10_e2k | 2.9.12-alt1.p10.1 | 2.9.12-alt1.p10.1 | ALT-PU-2023-2426-1 | - | Fixed |
libxml2 | p9 | 2.9.10-alt6.p9.1 | 2.9.10-alt6.p9.1 | ALT-PU-2023-1234-1 | 314487 | Fixed |
libxml2 | p9_e2k | 2.9.10-alt6.p9.1 | 2.9.10-alt6.p9.1 | ALT-PU-2023-2670-1 | - | Fixed |
libxml2 | c10f1 | 2.9.12-alt1.p10.1 | 2.9.12-alt1.p10.1 | ALT-PU-2023-1172-1 | 314068 | Fixed |
libxml2 | c9f2 | 2.9.12-alt1.c9f2.1 | 2.9.12-alt1.c9f2.1 | ALT-PU-2022-3377-1 | 311279 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 |
|
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3 |
|
https://security.netapp.com/advisory/ntap-20221209-0003/ |
|
https://support.apple.com/kb/HT213534 |
|
https://support.apple.com/kb/HT213535 |
|
https://support.apple.com/kb/HT213536 |
|
https://support.apple.com/kb/HT213531 |
|
https://support.apple.com/kb/HT213533 |
|
20221220 APPLE-SA-2022-12-13-7 tvOS 16.2 |
|
20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 |
|
20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2 |
|
20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2 |
|
20221220 APPLE-SA-2022-12-13-8 watchOS 9.2 |