An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2022/Dec/21 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Dec/24 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Dec/25 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Dec/26 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2022/Dec/27 | |
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 | Patch Third Party Advisory |
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3 | Release Notes Third Party Advisory |
https://security.netapp.com/advisory/ntap-20221209-0003/ | Third Party Advisory |
https://support.apple.com/kb/HT213531 | Third Party Advisory |
https://support.apple.com/kb/HT213533 | Third Party Advisory |
https://support.apple.com/kb/HT213534 | Third Party Advisory |
https://support.apple.com/kb/HT213535 | Third Party Advisory |
https://support.apple.com/kb/HT213536 | Third Party Advisory |
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
References | |
11 Jan 2023, 17:29
Type | Values Removed | Values Added |
---|---|---|
First Time | Netapp h700s Netapp h410s Netapp h300s Netapp h410s Firmware Netapp h410c Firmware Netapp h300s Firmware Apple iphone Os Apple tvos Apple Apple watchos Netapp h500s Apple macos Netapp ontap Select Deploy Administration Utility Netapp snapmanager Netapp active Iq Unified Manager Apple ipados Netapp h700s Firmware Netapp h500s Firmware Netapp h410c | |
CPE | cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:* | |
References | (CONFIRM) https://support.apple.com/kb/HT213534 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/25 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/24 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213531 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213535 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/26 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213533 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213536 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/21 - Mailing List, Third Party Advisory |
21 Dec 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References | |
13 Dec 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References | |
13 Dec 2022, 02:23
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221209-0003/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:netapp_manageability_sdk:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* | |
First Time | Netapp Netapp clustered Data Ontap Antivirus Connector Netapp clustered Data Ontap Netapp netapp Manageability Sdk Netapp active Iq Unified Manager For Vmware Vsphere |
09 Dec 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References | |
28 Nov 2022, 14:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3 - Release Notes, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0 - Patch, Third Party Advisory | |
CWE | CWE-190 | |
First Time | Xmlsoft libxml2 Xmlsoft | |
CPE | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* | |
CVSS | v2 : v3 : | v2 : unknown v3 : 7.5 |
23 Nov 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-23 00:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40303
Mitre link : CVE-2022-40303
CVE.ORG link : CVE-2022-40303
Products Affected
netapp
- h700s_firmware
- h410s
- snapmanager
- netapp_manageability_sdk
- h300s
- clustered_data_ontap_antivirus_connector
- h700s
- h410s_firmware
- h500s
- clustered_data_ontap
- h300s_firmware
- h410c
- active_iq_unified_manager
- ontap_select_deploy_administration_utility
- h500s_firmware
- h410c_firmware
xmlsoft
- libxml2
apple
- macos
- iphone_os
- tvos
- ipados
- watchos
CWE
CWE-190
Integer Overflow or Wraparound