Logic Error Vulnerability in libxml2 Affecting Multiple Platforms
CVE-2022-40304

7.8HIGH

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 23 November 2022

What is CVE-2022-40304?

A flaw was identified in libxml2 versions before 2.10.3, where certain invalid XML entity definitions could lead to corruption of a hash table key. This situation can result in unpredictable logic errors within applications utilizing the library. In specific scenarios, this flaw may also trigger a double-free condition, posing risks to software stability and security.

References

https://gitlab.gnome.org/GNOME/libxml2/-/tags

https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2022
Vulnerability Reserved
Sep 9, 2022

Xmlsoft

What is CVE-2022-40304?

References

CVSS V3.1

Timeline