CVE-2022-40303

CVSS V2 None CVSS V3 None
Description
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Overview
  • CVE ID
  • CVE-2022-40303
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-23T00:15:11
  • Last Modified Date
  • 2023-01-11T17:29:36
Weakness Enumerations
CWE URL
CWE-190 http://cwe.mitre.org/data/definitions/190.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* 1 OR 2.10.3
References
Reference URL Reference Tags
http://seclists.org/fulldisclosure/2022/Dec/21
http://seclists.org/fulldisclosure/2022/Dec/24
http://seclists.org/fulldisclosure/2022/Dec/25
http://seclists.org/fulldisclosure/2022/Dec/26
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 Patch Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3 Release Notes Third Party Advisory
https://security.netapp.com/advisory/ntap-20221209-0003/ Third Party Advisory
https://support.apple.com/kb/HT213531
https://support.apple.com/kb/HT213533
https://support.apple.com/kb/HT213534
https://support.apple.com/kb/HT213535
https://support.apple.com/kb/HT213536
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-40303
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-40303
History
Created Old Value New Value Data Type Notes
2022-11-23 01:00:12 Added to TrackCVE
2022-12-07 18:00:23 2022-11-23T00:15Z 2022-11-23T00:15:11 CVE Published Date updated
2022-12-07 18:00:23 2022-11-28T14:46:09 CVE Modified Date updated
2022-12-07 18:00:23 Analyzed Vulnerability Status updated
2022-12-07 18:00:23 CWE-190 Weakness Enumeration new
2022-12-07 18:00:25 CPE Information updated
2022-12-09 19:17:15 2022-12-09T19:15:13 CVE Modified Date updated
2022-12-09 19:17:15 Analyzed Modified Vulnerability Status updated
2022-12-09 19:17:17 References updated
2022-12-12 18:17:23 Modified Undergoing Analysis Vulnerability Status updated
2022-12-13 03:17:52 2022-12-13T02:23:41 CVE Modified Date updated
2022-12-13 03:17:52 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-13 21:14:43 2022-12-13T20:15:10 CVE Modified Date updated
2022-12-13 21:14:43 Analyzed Modified Vulnerability Status updated
2022-12-13 21:14:44 References updated
2022-12-19 19:14:08 Modified Undergoing Analysis Vulnerability Status updated
2022-12-21 07:02:19 2022-12-21T06:15:09 CVE Modified Date updated
2022-12-21 07:02:20 References updated
2023-01-12 05:15:21 2023-01-11T17:29:36 CVE Modified Date updated
2023-01-12 05:15:21 Undergoing Analysis Analyzed Vulnerability Status updated