7.8

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version < 2.10.3
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappSmi-s Provider Version-
NetappSnapmanager Version- SwPlatformhyper-v
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
AppleiPadOS Version < 15.7.2
AppleiPhone OS Version < 15.7.2
ApplemacOS Version >= 11.0 < 11.7.2
ApplemacOS Version >= 12.0 < 12.6.2
AppletvOS Version < 16.2
ApplewatchOS Version < 9.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.78% 0.932
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address.

http://seclists.org/fulldisclosure/2022/Dec/21
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/24
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/25
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/26
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/27
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
Patch
Third Party Advisory
Release Notes
https://security.netapp.com/advisory/ntap-20221209-0003/
Third Party Advisory
https://support.apple.com/kb/HT213531
Third Party Advisory
https://support.apple.com/kb/HT213533
Third Party Advisory
https://support.apple.com/kb/HT213534
Third Party Advisory
https://support.apple.com/kb/HT213535
Third Party Advisory
https://support.apple.com/kb/HT213536
Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
Patch
Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/-/tags
Third Party Advisory
Release Notes