Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-40304

Опубликовано: 14 окт. 2022
Источник: redhat
CVSS3: 7.8

Описание

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free.

Отчет

The most likely impact of this flaw is a Denial of Service in the application linked to the library. To reflect this, Red Hat Product Security has rated this flaw as having a moderate security impact.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6libxml2Out of support scope
Red Hat Enterprise Linux 7libxml2Out of support scope
Red Hat Enterprise Linux 8libxml2FixedRHSA-2023:017316.01.2023
Red Hat Enterprise Linux 8libxml2FixedRHSA-2023:017316.01.2023
Red Hat Enterprise Linux 8.6 Extended Update Supportlibxml2FixedRHSA-2024:041325.01.2024
Red Hat Enterprise Linux 9libxml2FixedRHSA-2023:033823.01.2023
Red Hat Enterprise Linux 9libxml2FixedRHSA-2023:033823.01.2023
Text-Only JBCSlibxml2FixedRHSA-2022:884108.12.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-415
https://bugzilla.redhat.com/show_bug.cgi?id=2136288libxml2: dict corruption caused by entity reference cycles

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-40304

CVSS3: 7.8
ubuntu
больше 2 лет назад

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

nvd логотип

CVE-2022-40304

CVSS3: 7.8
nvd
больше 2 лет назад

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

debian логотип

CVE-2022-40304

CVSS3: 7.8
debian
больше 2 лет назад

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML ...

github логотип

GHSA-g848-pppp-vg6f

CVSS3: 7.8
github
больше 2 лет назад

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

fstec логотип

BDU:2022-06700

CVSS3: 8.2
fstec
почти 3 года назад

Уязвимость функции очистки объекта XML библиотеки анализа XML-документов libxml2, позволяющая нарушителю вызвать отказ в обслуживании

7.8 High

CVSS3