
CVE-2022-40304
Date: (C)2022-11-22   (M)2024-02-22


An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 7.8
Exploit Score: 1.8
Impact Score: 5.9

CVSS V3 Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

CVSS V2 Severity:
CVSS Score:
Exploit Score:
Impact Score:

CVSS V2 Metrics:
Access Vector:
Access Complexity:
Authentication:
Confidentiality:
Integrity:
Availability:

Reference:
http://seclists.org/fulldisclosure/2022/Dec/21
http://seclists.org/fulldisclosure/2022/Dec/24
http://seclists.org/fulldisclosure/2022/Dec/25
http://seclists.org/fulldisclosure/2022/Dec/26
http://seclists.org/fulldisclosure/2022/Dec/27
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
https://gitlab.gnome.org/GNOME/libxml2/-/tags
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
https://security.netapp.com/advisory/ntap-20221209-0003/
https://support.apple.com/kb/HT213531
https://support.apple.com/kb/HT213533
https://support.apple.com/kb/HT213534
https://support.apple.com/kb/HT213535
https://support.apple.com/kb/HT213536

CPE    1
cpe:/a:xmlsoft:libxml2
CWE    1
CWE-415
OVAL    31
oval:org.secpod.oval:def:3300847
oval:org.secpod.oval:def:19500062
oval:org.secpod.oval:def:507464
oval:org.secpod.oval:def:89047841
...

© SecPod Technologies