Alpine Linux Development TeamALPINE:CVE-2022-40303

HistoryNov 23, 2022 - 12:15 a.m.

Vulners
/
Alpinelinux
/
CVE-2022-40303

CVE-2022-40303

2022-11-2300:15:11

Alpine Linux Development Team

security.alpinelinux.org

libxml2

xml parsing

integer overflow

segmentation fault

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

OSVersionArchitecturePackageVersionFilename
Alpineedge-mainnoarchlibxml2< 2.10.3-r0UNKNOWN
Alpine3.13-mainnoarchlibxml2< 2.9.14-r2UNKNOWN
Alpine3.14-mainnoarchlibxml2< 2.9.14-r2UNKNOWN
Alpine3.15-mainnoarchlibxml2< 2.9.14-r2UNKNOWN
Alpine3.16-mainnoarchlibxml2< 2.9.14-r2UNKNOWN
Alpine3.17-mainnoarchlibxml2< 2.10.3-r0UNKNOWN
Alpine3.18-mainnoarchlibxml2< 2.10.3-r0UNKNOWN
Alpine3.19-mainnoarchlibxml2< 2.10.3-r0UNKNOWN
Alpine3.20-mainnoarchlibxml2< 2.10.3-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-main	noarch	libxml2	< 2.10.3-r0	UNKNOWN
Alpine	3.13-main	noarch	libxml2	< 2.9.14-r2	UNKNOWN
Alpine	3.14-main	noarch	libxml2	< 2.9.14-r2	UNKNOWN
Alpine	3.15-main	noarch	libxml2	< 2.9.14-r2	UNKNOWN
Alpine	3.16-main	noarch	libxml2	< 2.9.14-r2	UNKNOWN
Alpine	3.17-main	noarch	libxml2	< 2.10.3-r0	UNKNOWN
Alpine	3.18-main	noarch	libxml2	< 2.10.3-r0	UNKNOWN
Alpine	3.19-main	noarch	libxml2	< 2.10.3-r0	UNKNOWN
Alpine	3.20-main	noarch	libxml2	< 2.10.3-r0	UNKNOWN

cbl_mariner 2

redhatcve 1

cvelist 1

nvd 1

debiancve 1

ibm 10

veracode 1

ubuntucve 1

f5 1

nessus 59

osv 12

cve 1

prion 1

gentoo 1

openvas 32

debian 2

oraclelinux 2

altlinux 2

rocky 2

fedora 4

redhat 27

ubuntu 2

mageia 1

aix 1

suse 2

almalinux 2

redos 1

cloudlinux 1

hivepro 1

zdt 1

apple 7

amazon 2

packetstorm 1

github 1

cloudfoundry 1

photon 5

slackware 1

rosalinux 1

trellix 2

ics 2

cbl_mariner

CVE-2022-40303 affecting package libxml2 for versions less than 2.10.3-1

2022-12-09 00:19:55

CVE-2022-40303 affecting package libxml2 2.9.14-2

2022-12-06 23:44:35

redhatcve

CVE-2022-40303

2022-10-19 19:17:28

cvelist

CVE-2022-40303

2022-11-22 00:00:00

nvd

CVE-2022-40303

2022-11-23 00:15:11

debiancve

CVE-2022-40303

2022-11-23 00:15:11

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40303)

2023-03-31 17:03:40

Security Bulletin: Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)

2023-10-14 05:05:27

Security Bulletin: AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)

2023-05-04 20:31:06

veracode

Denial Of Service (DoS)

2022-10-19 02:12:32

ubuntucve

CVE-2022-40303

2022-11-23 00:00:00

K000139917: Libxml2 vulnerability CVE-2022-40303

2024-06-05 00:00:00

nessus

CBL Mariner 2.0 Security Update: libxml2 (CVE-2022-40303)

2023-03-20 00:00:00

EulerOS Virtualization 2.9.0 : libxml2 (EulerOS-SA-2023-1660)

2023-04-27 00:00:00

Amazon Linux 2 : libxml2 (ALAS-2023-1996)

2023-03-22 00:00:00

osv

CGA-f3rc-g7rm-8v72

2024-06-06 12:27:01

libxml2 - security update

2022-11-05 00:00:00

Moderate: libxml2 security update

2023-01-16 00:00:00

cve

CVE-2022-40303

2022-11-23 00:15:11

prion

Integer overflow

2022-11-23 00:15:00

gentoo

libxml2: Multiple Vulnerabilities

2022-10-31 00:00:00

openvas

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-2039)

2023-06-07 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1660)

2023-04-27 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2023-1393)

2023-02-10 00:00:00

debian

[SECURITY] [DSA 5271-1] libxml2 security update

2022-11-05 19:46:29

[SECURITY] [DLA 3172-1] libxml2 security update

2022-10-30 15:57:58

oraclelinux

libxml2 security update

2023-01-24 00:00:00

libxml2 security update

2023-01-16 00:00:00

altlinux

Security fix for the ALT Linux 9 package libxml2 version 1:2.9.10-alt6.p9.1

2023-02-13 00:00:00

Security fix for the ALT Linux 10 package libxml2 version 1:2.9.12-alt1.p10.1

2023-02-02 00:00:00

rocky

libxml2 security update

2023-01-23 14:30:36

libxml2 security update

2023-01-16 09:03:23

fedora

[SECURITY] Fedora 37 Update: xmlsec1-1.2.34-4.fc37

2022-11-13 01:14:14

[SECURITY] Fedora 37 Update: libxml2-2.10.3-2.fc37

2022-11-13 01:14:11

[SECURITY] Fedora 36 Update: xmlsec1-1.2.33-3.fc36

2022-10-25 13:13:36

redhat

(RHSA-2023:0173) Moderate: libxml2 security update

2023-01-16 09:03:23

(RHSA-2023:0338) Moderate: libxml2 security update

2023-01-23 14:30:36

(RHSA-2024:0413) Moderate: libxml2 security update

2024-01-24 14:40:23

ubuntu

libxml2 vulnerabilities

2022-12-05 00:00:00

libxml2 vulnerabilities

2022-12-05 00:00:00

mageia

Updated libxml2 packages fix security vulnerability

2022-11-08 22:44:28

aix

AIX is vulnerable to arbitrary code execution due to libxml2

2023-02-08 13:18:47

suse

Security update for libxml2 (important)

2022-10-21 00:00:00

Security update for libxml2 (important)

2022-11-04 00:00:00

almalinux

Moderate: libxml2 security update

2023-01-16 00:00:00

Moderate: libxml2 security update

2023-01-23 00:00:00

redos

ROS-20221110-01

2022-11-10 00:00:00

cloudlinux

libxml2: Fix of 2 CVEs

2022-12-08 17:47:57

hivepro

Apple addresses the macOS code execution flaws

2022-11-11 13:49:02

zdt

libxml2 xmlParseNameComplex Integer Overflow Vulnerability

2022-11-16 00:00:00

apple

About the security content of macOS Ventura 13.0.1

2022-11-09 00:00:00

About the security content of iOS 16.1.1 and iPadOS 16.1.1

2022-11-09 00:00:00

About the security content of macOS Big Sur 11.7.2

2022-12-13 00:00:00

amazon

Medium: libxml2

2023-03-17 16:34:00

Medium: libxml2

2023-04-27 16:19:00

packetstorm

libxml2 xmlParseNameComplex Integer Overflow

2022-11-14 00:00:00

github

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs

2022-10-18 18:12:31

cloudfoundry

USN-5760-1: libxml2 vulnerabilities | Cloud Foundry

2023-01-26 00:00:00

photon

Important Photon OS Security Update - PHSA-2022-0546

2022-12-05 00:00:00

Important Photon OS Security Update - PHSA-2022-3.0-0499

2022-12-06 00:00:00

Important Photon OS Security Update - PHSA-2022-0293

2022-12-06 00:00:00

slackware

[slackware-security] libxml2

2023-12-10 01:15:09

rosalinux

Advisory ROSA-SA-2024-2356

2024-02-20 10:05:34

trellix

The Bug Report – November 2022 Edition

2022-12-07 00:00:00

The Bug Report – November 2022 Edition

2022-12-07 00:00:00

ics

Siemens SIMATIC and SIPLUS

2024-06-13 12:00:00

Siemens TIM 1531 IRC

2024-06-13 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

Related for ALPINE:CVE-2022-40303