Уязвимость CVE-2022-29824: Информация

Описание

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Важность: MEDIUM (6,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

      End excliding

      2.9.14

      ---

      cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:*

      End including

      1.1.35

      ---

      Конфигурация 2

      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

      ---

      Конфигурация 3

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

      ---

      cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

      ---

      Конфигурация 4

      cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*

      ---

      cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*

      ---

      cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*

      ---

      cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*

      ---

      Конфигурация 5

      cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

      ---

      Конфигурация 6

      cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

      ---

      Running on/with:

      cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

      ---

      Конфигурация 7

      cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

      ---

      Running on/with:

      cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

      ---

      Конфигурация 8

      cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

      ---

      Running on/with:

      cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

      ---

      Конфигурация 9

      cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

      ---

      Running on/with:

      cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

      ---

      Конфигурация 10

      cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

      ---

      Running on/with:

      cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

      ---