Vulnerability CVE-2022-40303: Information

Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-40303
Published: Nov. 23, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libxml2sisyphus2.10.3-alt12.12.6-alt1ALT-PU-2022-2865-1308392Fixed
libxml2sisyphus_e2k2.10.3-alt12.12.6-alt1ALT-PU-2022-6670-1-Fixed
libxml2sisyphus_riscv642.10.3-alt12.12.6-alt1ALT-PU-2022-6660-1-Fixed
libxml2p102.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-1172-1314068Fixed
libxml2p10_e2k2.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-2426-1-Fixed
libxml2p92.9.10-alt6.p9.12.9.10-alt6.p9.1ALT-PU-2023-1234-1314487Fixed
libxml2p9_e2k2.9.10-alt6.p9.12.9.10-alt6.p9.1ALT-PU-2023-2670-1-Fixed
libxml2c10f12.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-1172-1314068Fixed
libxml2c9f22.9.12-alt1.c9f2.12.9.12-alt1.c9f2.1ALT-PU-2022-3377-1311279Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
  • Patch
  • Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
  • Release Notes
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20221209-0003/
  • Third Party Advisory
https://support.apple.com/kb/HT213534
  • Third Party Advisory
https://support.apple.com/kb/HT213535
  • Third Party Advisory
https://support.apple.com/kb/HT213536
  • Third Party Advisory
https://support.apple.com/kb/HT213531
  • Third Party Advisory
https://support.apple.com/kb/HT213533
  • Third Party Advisory
20221220 APPLE-SA-2022-12-13-7 tvOS 16.2
  • Mailing List
  • Third Party Advisory
20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
  • Mailing List
  • Third Party Advisory
20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
  • Mailing List
  • Third Party Advisory
20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
  • Mailing List
  • Third Party Advisory
20221220 APPLE-SA-2022-12-13-8 watchOS 9.2

      1. Configuration 1

        cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
        End excliding
        2.10.3

        Configuration 2

        cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
        cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
        cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
        cpe:2.3:a:netapp:netapp_manageability_sdk:-:*:*:*:*:*:*:*

        Configuration 3

        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        Start including
        11.0
        End excliding
        11.7.2
        cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
        End excliding
        9.2
        cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
        End excliding
        16.2
        cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
        End excliding
        15.7.2
        cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
        End excliding
        15.7.2
        cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
        Start including
        12.0
        End excliding
        12.6.2

        Configuration 4

        cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

        Configuration 5

        cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

        Configuration 6

        cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

        Configuration 7

        cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

        Configuration 8

        cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
        Running on/with:
        cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.1
    Back to top