Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2022:5317

Опубликовано: 28 июн. 2022
Источник: rocky
Оценка: Moderate

Описание

Moderate: libxml2 security update

The libxml2 library is a development toolbox providing the implementation of various XML standards.

Security Fix(es):

  • libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write (CVE-2022-29824)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
libxml2i68613.el8_6.1libxml2-2.9.7-13.el8_6.1.i686.rpm
libxml2x86_6413.el8_6.1libxml2-2.9.7-13.el8_6.1.x86_64.rpm
python3-libxml2x86_6413.el8_6.1python3-libxml2-2.9.7-13.el8_6.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2022-29824

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2022-29824

CVSS3: 6.5
ubuntu
больше 3 лет назад

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

redhat логотип

CVE-2022-29824

CVSS3: 7.4
redhat
больше 3 лет назад

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

nvd логотип

CVE-2022-29824

CVSS3: 6.5
nvd
больше 3 лет назад

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

msrc логотип

CVE-2022-29824

CVSS3: 6.5
msrc
больше 3 лет назад

In libxml2 before 2.9.14 several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted multi-gigabyte XML file. Other software using libxml2's buffer functions for example libxslt through 1.1.35 is affected as well.

debian логотип

CVE-2022-29824

CVSS3: 6.5
debian
больше 3 лет назад

In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...