CVE-2022-29824
Severity CVSS v4.0:
Pending analysis
Type:
CWE-190
Integer Overflow or Wraparound
Publication date:
03/05/2022
Last modified:
07/11/2023
Description
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* | 2.9.14 (excluding) | |
| cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:* | 1.1.35 (including) | |
| cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* | ||
| cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:* | ||
| cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- https://lists.debian.org/debian-lts-announce/2022/05/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FZOBT5Y6Y2QLDDX2HZGMV7MJMWGXORKK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3NVZVWFRBXBI3AKZZWUWY6INQQPQVSF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P5363EDV5VHZ5C77ODA43RYDCPMA7ARM/
- https://security.gentoo.org/glsa/202210-03
- https://security.netapp.com/advisory/ntap-20220715-0006/
- https://www.debian.org/security/2022/dsa-5142
- https://www.oracle.com/security-alerts/cpujul2022.html