An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
History
07 Nov 2023, 03:52
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-415 |
31 Jan 2023, 20:14
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apple watchos
Netapp h700s Netapp h500s Apple macos Netapp h410s Netapp smi-s Provider Netapp clustered Data Ontap Netapp snapmanager Netapp manageability Software Development Kit Netapp h300s Netapp h410s Firmware Apple ipados Netapp active Iq Unified Manager Netapp h700s Firmware Netapp h410c Firmware Netapp Netapp clustered Data Ontap Antivirus Connector Apple iphone Os Netapp h300s Firmware Apple tvos Netapp h500s Firmware Netapp h410c Apple |
|
CPE | cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:* cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20221209-0003/ - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213534 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213535 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/24 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213531 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/25 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/26 - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213533 - Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/kb/HT213536 - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2022/Dec/21 - Mailing List, Third Party Advisory |
21 Dec 2022, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Dec 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Dec 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Nov 2022, 16:26
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-611 | |
References | (MISC) https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3 - Patch, Release Notes, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b - Patch, Third Party Advisory | |
References | (MISC) https://gitlab.gnome.org/GNOME/libxml2/-/tags - Release Notes, Third Party Advisory | |
CPE | cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* | |
First Time |
Xmlsoft libxml2
Xmlsoft |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
23 Nov 2022, 18:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-23 18:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-40304
Mitre link : CVE-2022-40304
CVE.ORG link : CVE-2022-40304
JSON object : View
Products Affected
netapp
- h700s_firmware
- manageability_software_development_kit
- h410s
- snapmanager
- smi-s_provider
- h300s
- h700s
- clustered_data_ontap_antivirus_connector
- h410s_firmware
- h500s
- clustered_data_ontap
- h300s_firmware
- h410c
- active_iq_unified_manager
- h500s_firmware
- h410c_firmware
xmlsoft
- libxml2
apple
- iphone_os
- macos
- tvos
- ipados
- watchos
CWE
CWE-415
Double Free