CVE-2022-29824

Published: 03 May 2022
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 4.3
CVSS3: 6.5

Description

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

| Release | Status | Note |
|---|---|---|
| bionic | released | 2.9.4+dfsg1-6.1ubuntu1.6 |
| devel | not-affected | 2.9.14+dfsg-1 |
| esm-infra-legacy/trusty | not-affected | 2.9.1+dfsg1-3ubuntu4.13+esm3 |
| esm-infra/bionic | not-affected | 2.9.4+dfsg1-6.1ubuntu1.6 |
| esm-infra/focal | not-affected | 2.9.10+dfsg-5ubuntu0.20.04.3 |
| esm-infra/xenial | released | 2.9.3+dfsg1-1ubuntu0.7+esm2 |
| focal | released | 2.9.10+dfsg-5ubuntu0.20.04.3 |
| impish | released | 2.9.12+dfsg-4ubuntu0.2 |
| jammy | released | 2.9.13+dfsg-1ubuntu0.1 |
| trusty/esm | released | 2.9.1+dfsg1-3ubuntu4.13+esm3 |

EPSS

Percentile: 12%
0.00041
Low

CVSS2: 4.3 Medium

CVSS3: 6.5 Medium

Related vulnerabilities

CVSS3: 7.4
redhat
about 3 years ago

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

CVSS3: 6.5
nvd
about 3 years ago

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

CVSS3: 6.5
msrc
about 3 years ago

No description available

CVSS3: 6.5
debian
about 3 years ago

In libxml2 before 2.9.14, several buffer handling functions in buf.c ( ...

CVSS3: 6.5
github
about 3 years ago

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
