Vulnerability CVE-2022-40303: Information

Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Nov. 23, 2022
Modified: Nov. 7, 2023
Error type identifier: CWE-190

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libxml2sisyphus2.10.3-alt12.12.4-alt1ALT-PU-2022-2865-1308392Fixed
libxml2sisyphus_e2k2.10.3-alt12.12.4-alt1ALT-PU-2022-6670-1-Fixed
libxml2sisyphus_mipsel2.10.3-alt12.12.3-alt1ALT-PU-2022-6656-1-Fixed
libxml2sisyphus_riscv642.10.3-alt12.12.4-alt1ALT-PU-2022-6660-1-Fixed
libxml2p102.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-1172-1314068Fixed
libxml2p10_e2k2.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-2426-1-Fixed
libxml2p92.9.10-alt6.p9.12.9.10-alt6.p9.1ALT-PU-2023-1234-1314487Fixed
libxml2p9_e2k2.9.10-alt6.p9.12.9.10-alt6.p9.1ALT-PU-2023-2670-1-Fixed
libxml2p9_mipsel2.9.10-alt6.p9.12.9.10-alt6.p9.1ALT-PU-2023-6332-1-Fixed
libxml2c10f12.9.12-alt1.p10.12.9.12-alt1.p10.1ALT-PU-2023-1172-1314068Fixed
libxml2c9f22.9.12-alt1.c9f2.12.9.12-alt1.c9f2.1ALT-PU-2022-3377-1311279Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
      End excliding
      2.10.3

      Configuration 2

      cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*

      cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*

      cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*

      cpe:2.3:a:netapp:netapp_manageability_sdk:-:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
      Start including
      11.0
      End excliding
      11.7.2

      cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
      End excliding
      9.2

      cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
      End excliding
      16.2

      cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
      End excliding
      15.7.2

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
      End excliding
      15.7.2

      cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
      Start including
      12.0
      End excliding
      12.6.2

      Configuration 4

      cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

      Configuration 6

      cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

      Configuration 7

      cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

      Configuration 8

      cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

      Running on/with:
      cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*