CVE-2022-2309
NULL Pointer Dereference in lxml/lxml
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
Una desreferencia de puntero NULL permite a atacantes causar una denegación de servicio (o bloqueo de la aplicación). Esto solo se aplica cuando lxml se usa junto con libxml2 versiones 2.9.10 hasta 2.9.14. libxml2 versiones 2.9.9 y anteriores no están afectados. Permite desencadenar bloqueos por medio de datos de entrada falsificados, dada una secuencia de código vulnerable en la aplicación. La vulnerabilidad es causada por la función iterwalk (también utilizada por la función canonicalize). Dicho código no debería tener un uso generalizado, dado que parsing + iterwalk generalmente se reemplazaría con la función iterparse más eficiente. Sin embargo, un convertidor XML que serializa a C14N también sería vulnerable, por ejemplo, y existen casos de uso legítimos para esta secuencia de código. Si se recibe una entrada que no es de confianza (también de forma remota) y se procesa por medio de la función iterwalk, se puede desencadenar un bloqueo
A NULL Pointer dereference vulnerability found in lxml, caused by the iterwalk function (also used by the canonicalize function). This flaw can lead to a crash when the incorrect parser input occurs together with usages.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-05 CVE Reserved
- 2022-07-05 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-09-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-476: NULL Pointer Dereference
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20220915-0006 | Third Party Advisory |
|
| URL | Date | SRC |
|---|---|---|
| https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba | 2024-08-03 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Lxml Search vendor "Lxml" | Lxml Search vendor "Lxml" for product "Lxml" | < 4.9.1 Search vendor "Lxml" for product "Lxml" and version " < 4.9.1" | - |
Affected
| in | Xmlsoft Search vendor "Xmlsoft" | Libxml2 Search vendor "Xmlsoft" for product "Libxml2" | >= 2.9.10 <= 2.9.14 Search vendor "Xmlsoft" for product "Libxml2" and version " >= 2.9.10 <= 2.9.14" | - |
Safe
|
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||