Description

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Related CPE's

a

xmlsoft

libxml2

Vulnerable

a

netapp

active_iq_unified_manager

-

*

*

*

*

vsphere

Vulnerable

a

netapp

clustered_data_ontap

-

Vulnerable

a

netapp

clustered_data_ontap_antivirus_connector

-

Vulnerable

a

netapp

netapp_manageability_sdk

-

Vulnerable

a

netapp

ontap_select_deploy_administration_utility

-

Vulnerable

a

netapp

snapmanager

-

*

*

*

*

hyper-v

Vulnerable

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

apple

macos

2

o

apple

tvos

Vulnerable

o

apple

watchos

Vulnerable

o

netapp

h300s_firmware

-

Vulnerable

h

netapp

h300s

-

o

netapp

h500s_firmware

-

Vulnerable

h

netapp

h500s

-

o

netapp

h700s_firmware

-

Vulnerable

h

netapp

h700s

-

o

netapp

h410s_firmware

-

Vulnerable

h

netapp

h410s

-

o

netapp

h410c_firmware

-

Vulnerable

h

netapp

h410c

-

References

http://seclists.org/fulldisclosure/2022/Dec/21

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/24

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/25

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/26

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/27

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

Release NotesThird Party Advisory

https://security.netapp.com/advisory/ntap-20221209-0003/

Third Party Advisory

https://support.apple.com/kb/HT213531

Third Party Advisory

https://support.apple.com/kb/HT213533

Third Party Advisory

https://support.apple.com/kb/HT213534

Third Party Advisory

https://support.apple.com/kb/HT213535

Third Party Advisory

https://support.apple.com/kb/HT213536

Third Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/21

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/24

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/25

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/26

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2022/Dec/27

https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

Release NotesThird Party Advisory

https://security.netapp.com/advisory/ntap-20221209-0003/

Third Party Advisory

https://support.apple.com/kb/HT213531

Third Party Advisory

https://support.apple.com/kb/HT213533

Third Party Advisory

https://support.apple.com/kb/HT213534

Third Party Advisory

https://support.apple.com/kb/HT213535

Third Party Advisory

https://support.apple.com/kb/HT213536

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-190

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-190

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-11-22T23:15:11.007Z

3 years ago

Last modified

2025-04-29T03:15:43.693Z

10 months ago