CVE-2022-40304

libxml2: dict corruption caused by entity reference cycles

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Se descubrió un problema en libxml2 antes de la versión 2.10.3. Ciertas definiciones de entidades XML no válidas pueden dañar la clave de una tabla hash, lo que podría provocar errores lógicos posteriores. En un caso, se puede provocar un double-free.

A flaw was found in libxml2. When a reference cycle is detected in the XML entity cleanup function the XML entity data can be stored in a dictionary. In this case, the dictionary becomes corrupted resulting in logic errors, including memory errors like double free.

libxml2 suffers from a double-free vulnerability when parsing default attributes.

*Credits: N/A

CVSS Scores

NISTv3.1 7.8

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-09-09 CVE Reserved
2022-11-01 CVE Published
2024-05-05 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-415: Double Free

CAPEC

References (16)

URL	Tag	Source
http://seclists.org/fulldisclosure/2022/Dec/21	Mailing List
http://seclists.org/fulldisclosure/2022/Dec/24	Mailing List
http://seclists.org/fulldisclosure/2022/Dec/25	Mailing List
http://seclists.org/fulldisclosure/2022/Dec/26	Mailing List
http://seclists.org/fulldisclosure/2022/Dec/27	Mailing List
https://gitlab.gnome.org/GNOME/libxml2/-/tags	Release Notes
https://security.netapp.com/advisory/ntap-20221209-0003	Third Party Advisory
https://support.apple.com/kb/HT213531	Third Party Advisory
https://support.apple.com/kb/HT213533	Third Party Advisory
https://support.apple.com/kb/HT213534	Third Party Advisory
https://support.apple.com/kb/HT213535	Third Party Advisory
https://support.apple.com/kb/HT213536	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b	2023-11-07
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3	2023-11-07

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-40304	2024-01-25
https://bugzilla.redhat.com/show_bug.cgi?id=2136288	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Netapp Search vendor "Netapp"	H300s Firmware Search vendor "Netapp" for product "H300s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H300s Search vendor "Netapp" for product "H300s"	-	-	Safe
Netapp Search vendor "Netapp"	H500s Firmware Search vendor "Netapp" for product "H500s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H500s Search vendor "Netapp" for product "H500s"	-	-	Safe
Netapp Search vendor "Netapp"	H700s Firmware Search vendor "Netapp" for product "H700s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H700s Search vendor "Netapp" for product "H700s"	-	-	Safe
Netapp Search vendor "Netapp"	H410s Firmware Search vendor "Netapp" for product "H410s Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410s Search vendor "Netapp" for product "H410s"	-	-	Safe
Netapp Search vendor "Netapp"	H410c Firmware Search vendor "Netapp" for product "H410c Firmware"	-	-	Affected	in	Netapp Search vendor "Netapp"	H410c Search vendor "Netapp" for product "H410c"	-	-	Safe
Xmlsoft Search vendor "Xmlsoft"		Libxml2 Search vendor "Xmlsoft" for product "Libxml2"				< 2.10.3 Search vendor "Xmlsoft" for product "Libxml2" and version " < 2.10.3"		-		Affected
Netapp Search vendor "Netapp"		Active Iq Unified Manager Search vendor "Netapp" for product "Active Iq Unified Manager"				-		vmware_vsphere		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				-		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Antivirus Connector Search vendor "Netapp" for product "Clustered Data Ontap Antivirus Connector"				-		-		Affected
Netapp Search vendor "Netapp"		Manageability Software Development Kit Search vendor "Netapp" for product "Manageability Software Development Kit"				-		-		Affected
Netapp Search vendor "Netapp"		Smi-s Provider Search vendor "Netapp" for product "Smi-s Provider"				-		-		Affected
Netapp Search vendor "Netapp"		Snapmanager Search vendor "Netapp" for product "Snapmanager"				-		hyper-v		Affected
Apple Search vendor "Apple"		Ipados Search vendor "Apple" for product "Ipados"				< 15.7.2 Search vendor "Apple" for product "Ipados" and version " < 15.7.2"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				< 15.7.2 Search vendor "Apple" for product "Iphone Os" and version " < 15.7.2"		-		Affected
Apple Search vendor "Apple"		Macos Search vendor "Apple" for product "Macos"				>= 11.0 < 11.7.2 Search vendor "Apple" for product "Macos" and version " >= 11.0 < 11.7.2"		-		Affected
Apple Search vendor "Apple"		Macos Search vendor "Apple" for product "Macos"				>= 12.0 < 12.6.2 Search vendor "Apple" for product "Macos" and version " >= 12.0 < 12.6.2"		-		Affected
Apple Search vendor "Apple"		Tvos Search vendor "Apple" for product "Tvos"				< 16.2 Search vendor "Apple" for product "Tvos" and version " < 16.2"		-		Affected
Apple Search vendor "Apple"		Watchos Search vendor "Apple" for product "Watchos"				< 9.2 Search vendor "Apple" for product "Watchos" and version " < 9.2"		-		Affected