CVE-2022-40304

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-40304

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40304.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-40304

Related

Published

2022-11-23T18:15:12Z

Modified

2024-10-25T23:54:08.116175Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

References

Affected packages

Alpine:v3.13 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.14-r2

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.11-r0

2.9.12-r0

2.9.13-r0

2.9.14-r0

2.9.14-r1

Alpine:v3.14 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.14-r2

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.12-r0

2.9.12-r1

2.9.13-r0

2.9.14-r0

2.9.14-r1

Alpine:v3.15 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.14-r2

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.12-r0

2.9.12-r1

2.9.12-r2

2.9.13-r0

2.9.14-r0

2.9.14-r1

Alpine:v3.16 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.14-r2

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.12-r0

2.9.12-r1

2.9.12-r2

2.9.12-r3

2.9.13-r0

2.9.14-r0

2.9.14-r1

Alpine:v3.17 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.3-r0

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.12-r0

2.9.12-r1

2.9.12-r2

2.9.12-r3

2.9.13-r0

2.9.14-r0

2.9.14-r1

2.10.0-r0

2.10.1-r0

2.10.2-r0

2.10.2-r1

Alpine:v3.18 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.3-r0

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.12-r0

2.9.12-r1

2.9.12-r2

2.9.12-r3

2.9.13-r0

2.9.14-r0

2.9.14-r1

2.10.0-r0

2.10.1-r0

2.10.2-r0

2.10.2-r1

Alpine:v3.19 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.3-r0

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.12-r0

2.9.12-r1

2.9.12-r2

2.9.12-r3

2.9.13-r0

2.9.14-r0

2.9.14-r1

2.10.0-r0

2.10.1-r0

2.10.2-r0

2.10.2-r1

Alpine:v3.20 / libxml2

Package

Name: libxml2
Purl: pkg:apk/alpine/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.10.3-r0

Affected versions

2.*

2.7.2-r0

2.7.3-r0

2.7.6-r0

2.7.6-r1

2.7.6-r2

2.7.6-r3

2.7.7-r0

2.7.7-r1

2.7.7-r2

2.7.7-r3

2.7.7-r4

2.7.8-r0

2.7.8-r1

2.7.8-r2

2.7.8-r4

2.7.8-r5

2.7.8-r6

2.7.8-r7

2.7.8-r8

2.8.0-r0

2.8.0-r1

2.9.0-r0

2.9.0-r1

2.9.0-r2

2.9.0-r3

2.9.1-r0

2.9.1-r1

2.9.1-r2

2.9.2-r0

2.9.2-r1

2.9.2-r2

2.9.3-r0

2.9.4-r0

2.9.4-r1

2.9.4-r2

2.9.4-r3

2.9.4-r4

2.9.5-r0

2.9.6-r0

2.9.6-r2

2.9.7-r0

2.9.7-r1

2.9.8-r0

2.9.8-r1

2.9.8-r2

2.9.9-r0

2.9.9-r1

2.9.9-r2

2.9.9-r3

2.9.10-r0

2.9.10-r1

2.9.10-r2

2.9.10-r3

2.9.10-r4

2.9.10-r5

2.9.10-r6

2.9.10-r7

2.9.12-r0

2.9.12-r1

2.9.12-r2

2.9.12-r3

2.9.13-r0

2.9.14-r0

2.9.14-r1

2.10.0-r0

2.10.1-r0

2.10.2-r0

2.10.2-r1

Debian:11 / libxml2

Package

Name: libxml2
Purl: pkg:deb/debian/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.10+dfsg-6.7+deb11u3

Affected versions

2.*

2.9.10+dfsg-6.7

2.9.10+dfsg-6.7+deb11u1

2.9.10+dfsg-6.7+deb11u2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libxml2

Package

Name: libxml2
Purl: pkg:deb/debian/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.14+dfsg-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libxml2

Package

Name: libxml2
Purl: pkg:deb/debian/libxml2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.14+dfsg-1.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.gnome.org/GNOME/libxml2

Affected ranges

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/libxml2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1b41ec4e9433b05bb0376be4725804c54ef1d80b

Affected versions

Other

CVE-2013-2877

CVE-2014-0191

CVE-2014-3660

CVE-2015-1819

CVE-2015-5312

CVE-2015-7497

CVE-2015-7498

CVE-2015-7499-1

CVE-2015-7499-2

CVE-2015-7500

CVE-2015-7941_1

CVE-2015-7941_2

CVE-2015-7942

CVE-2015-7942-2

CVE-2015-8035

CVE-2015-8242

CVE-2015-8317

CVE-2016-1762

CVE-2016-1833

CVE-2016-1834

CVE-2016-1835

CVE-2016-1836

CVE-2016-1837

CVE-2016-1838

CVE-2016-1839

CVE-2016-1840

CVE-2016-3627

CVE-2016-3705

CVE-2016-4449

CVE-2016-4483

CVE-2021-3541

EAZEL-NAUTILUS-MS-AUG07

FOR_GNOME_0_99_1

GNOME_0_30

GNOME_PRINT_0_24

GNUMERIC_FIRST_PUBLIC_RELEASE

LIBXML2_2_4_21

LIBXML2_2_5_0

LIBXML2_2_5_10

LIBXML2_2_5_7

LIBXML2_2_5_8

LIBXML2_2_5_9

LIBXML2_2_5_x

LIBXML2_2_6_1

LIBXML2_2_6_11

LIBXML2_2_6_12

LIBXML2_2_6_13

LIBXML2_2_6_14

LIBXML2_2_6_15

LIBXML2_2_6_16

LIBXML2_2_6_18

LIBXML2_2_6_19

LIBXML2_2_6_2

LIBXML2_2_6_20

LIBXML2_2_6_21

LIBXML2_2_6_22

LIBXML2_2_6_23

LIBXML2_2_6_24

LIBXML2_2_6_26

LIBXML2_2_6_27

LIBXML2_2_6_28

LIBXML2_2_6_3

LIBXML2_2_6_4

LIBXML2_2_6_5

LIBXML2_2_6_6

LIBXML2_2_6_7

LIBXML2_2_6_8

LIBXML2_2_6_9

LIBXML2_6_0

LIBXML_0_99

LIBXML_1_5_0

LIBXML_1_8_5

LIBXML_1_8_6

LIBXML_2_0_0

LIBXML_2_1_0

LIBXML_2_1_1

LIBXML_2_2_1

LIBXML_2_2_3

LIBXML_2_2_4

LIBXML_2_2_6

LIBXML_2_2_7

LIBXML_2_2_8

LIBXML_2_3_0

LIBXML_2_3_10

LIBXML_2_3_11

LIBXML_2_3_12

LIBXML_2_3_13

LIBXML_2_3_14

LIBXML_2_3_2

LIBXML_2_3_3

LIBXML_2_3_4

LIBXML_2_3_5

LIBXML_2_3_6

LIBXML_2_3_7

LIBXML_2_3_8

LIBXML_2_3_9

LIBXML_2_4_0

LIBXML_2_4_11

LIBXML_2_4_12

LIBXML_2_4_13

LIBXML_2_4_14

LIBXML_2_4_16

LIBXML_2_4_18

LIBXML_2_4_2

LIBXML_2_4_20

LIBXML_2_4_22

LIBXML_2_4_23

LIBXML_2_4_24

LIBXML_2_4_25

LIBXML_2_4_26

LIBXML_2_4_27

LIBXML_2_4_29

LIBXML_2_4_3

LIBXML_2_4_30

LIBXML_2_4_4

LIBXML_2_4_6

LIBXML_2_4_7

LIBXML_2_5_1

LIBXML_2_5_2

LIBXML_2_5_3

LIBXML_2_5_4

LIBXML_2_5_5

LIBXML_2_5_6

LIBXML_2_6_10

LIBXML_TEST_2_0_0

LIB_XML_1_1

LIB_XML_1_3

LIB_XML_1_4

LIB_XML_1_6_1

LIB_XML_1_6_2

LIB_XML_1_7_0

LIB_XML_1_7_1

LIB_XML_1_7_3

LIB_XML_1_8_3

LIB_XML_1_X

PRE_MUCKUP

PRE_MUCKUP2

PRE_MUCKUP3

help

LIBXML2.*

LIBXML2.6.32

LIBXML2.7.0

LIBXML2.7.1

LIBXML2.7.2

LIBXML2.7.3

v2.*

v2.10.0

v2.10.1

v2.10.2

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.8.0

v2.8.0-rc1

v2.8.0-rc2

v2.9.0

v2.9.0-rc2

v2.9.1

v2.9.10

v2.9.10-rc1

v2.9.11

v2.9.12

v2.9.13

v2.9.2

v2.9.2-rc1

v2.9.2-rc2

v2.9.3

v2.9.4

v2.9.4-rc1

v2.9.4-rc2

v2.9.5

v2.9.5-rc1

v2.9.5-rc2

v2.9.6

v2.9.6-rc1

v2.9.7

v2.9.7-rc1

v2.9.8

v2.9.8-rc1

v2.9.9

v2.9.9-rc1

v2.9.9-rc2