
CVE-2022-40303

Severity: high

Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

References

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

https://security.netapp.com/advisory/ntap-20221209-0003/

https://support.apple.com/kb/HT213534

https://support.apple.com/kb/HT213535

https://support.apple.com/kb/HT213536

https://support.apple.com/kb/HT213531

https://support.apple.com/kb/HT213533

http://seclists.org/fulldisclosure/2022/Dec/26

http://seclists.org/fulldisclosure/2022/Dec/21

http://seclists.org/fulldisclosure/2022/Dec/25

http://seclists.org/fulldisclosure/2022/Dec/24

Details

Source: MITRE

Published: 2022-11-23

Updated: 2023-01-11

Type: CWE-190
