ALT-PU-2023-2670-1
Closed vulnerabilities
BDU:2022-06700
Vulnerability in the XML object cleanup function of the libxml2 XML document parsing library, allowing an attacker to cause a denial of service
BDU:2022-06701
Vulnerability in the xmlParseNameComplex() function of the libxml2 XML document parsing library, allowing an attacker to execute arbitrary code or cause a denial of service
Modified: 2024-11-21
CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
- 20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
- 20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
- 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
- https://security.netapp.com/advisory/ntap-20221209-0003/
- https://support.apple.com/kb/HT213531
- https://support.apple.com/kb/HT213533
- https://support.apple.com/kb/HT213534
- https://support.apple.com/kb/HT213535
- https://support.apple.com/kb/HT213536
Modified: 2024-11-21
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
- 20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
- 20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
- 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
- https://gitlab.gnome.org/GNOME/libxml2/-/tags
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
- https://security.netapp.com/advisory/ntap-20221209-0003/
- https://support.apple.com/kb/HT213531
- https://support.apple.com/kb/HT213533
- https://support.apple.com/kb/HT213534
- https://support.apple.com/kb/HT213535
- https://support.apple.com/kb/HT213536