7.8

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version < 2.10.3
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
NetappSmi-s Provider Version-
NetappSnapmanager Version- SwPlatformhyper-v
NetappH300s Firmware Version-
   NetappH300s Version-
NetappH500s Firmware Version-
   NetappH500s Version-
NetappH700s Firmware Version-
   NetappH700s Version-
NetappH410s Firmware Version-
   NetappH410s Version-
NetappH410c Firmware Version-
   NetappH410c Version-
AppleiPadOS Version < 15.7.2
AppleiPhone OS Version < 15.7.2
ApplemacOS Version >= 11.0 < 11.7.2
ApplemacOS Version >= 12.0 < 12.6.2
AppletvOS Version < 16.2
ApplewatchOS Version < 9.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.11% 0.293
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

http://seclists.org/fulldisclosure/2022/Dec/21
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/24
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/25
Third Party Advisory
Mailing List
http://seclists.org/fulldisclosure/2022/Dec/26
Third Party Advisory
Mailing List
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
Patch
Third Party Advisory
Release Notes
https://gitlab.gnome.org/GNOME/libxml2/-/tags
Third Party Advisory
Release Notes