Vulnerability CVE-2022-29824: Information
Description
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
libxml2 | sisyphus | 2.9.14-alt1 | 2.12.7-alt1 | ALT-PU-2022-1807-1 | 299383 | Fixed |
libxml2 | sisyphus_e2k | 2.9.14-alt1 | 2.12.7-alt1 | ALT-PU-2022-4870-1 | - | Fixed |
libxml2 | sisyphus_riscv64 | 2.9.14-alt1 | 2.12.7-alt1 | ALT-PU-2022-4858-1 | - | Fixed |
libxml2 | p10 | 2.9.12-alt1.p10.1 | 2.9.12-alt1.p10.1 | ALT-PU-2023-1172-1 | 314068 | Fixed |
libxml2 | p10_e2k | 2.9.12-alt1.p10.1 | 2.9.12-alt1.p10.1 | ALT-PU-2023-2426-1 | - | Fixed |
libxml2 | c10f1 | 2.9.12-alt1.p10.1 | 2.9.12-alt1.p10.1 | ALT-PU-2023-1172-1 | 314068 | Fixed |
libxml2 | c9f2 | 2.9.12-alt1.c9f2.1 | 2.9.12-alt1.c9f2.1 | ALT-PU-2022-3377-1 | 311279 | Fixed |
libxml2 | p11 | 2.9.14-alt1 | 2.12.7-alt1 | ALT-PU-2022-1807-1 | 299383 | Fixed |
libxslt | sisyphus | 1.1.37-alt1 | 1.1.39-alt1 | ALT-PU-2022-2687-1 | 307481 | Fixed |
libxslt | sisyphus_e2k | 1.1.37-alt1 | 1.1.37-alt1 | ALT-PU-2022-6306-1 | - | Fixed |
libxslt | sisyphus_riscv64 | 1.1.37-alt1 | 1.1.37-alt1 | ALT-PU-2022-6336-1 | - | Fixed |
libxslt | c10f1 | 1.1.37-alt1 | 1.1.37-alt1 | ALT-PU-2024-7058-2 | 345755 | Fixed |
libxslt | p11 | 1.1.37-alt1 | 1.1.39-alt1 | ALT-PU-2022-2687-1 | 307481 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14 |
|
https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd |
|
https://gitlab.gnome.org/GNOME/libxslt/-/tags |
|
https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab |
|
[debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update |
|
DSA-5142 |
|
http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html |
|
https://security.netapp.com/advisory/ntap-20220715-0006/ |
|
N/A |
|
GLSA-202210-03 |
|
http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html |
|
FEDORA-2022-9136d646e4 | |
FEDORA-2022-be6d83642a | |
FEDORA-2022-f624aad735 |