CVE-2022-40303

Summary

CVE: CVE-2022-40303
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2022-11-23 00:15:00 UTC
Updated: 2023-11-07 03:52:00 UTC
Description: An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Apple | Ipados | All | All | All | All
Operating System | Apple | Iphone Os | All | All | All | All
Operating System | Apple | Macos | All | All | All | All
Operating System | Apple | Tvos | All | All | All | All
Operating System | Apple | Watchos | All | All | All | All
Application | Netapp | Active Iq Unified Manager | - | All | All | All
Application | Netapp | Active Iq Unified Manager For Vmware Vsphere | - | All | All | All
Application | Netapp | Clustered Data Ontap | - | All | All | All
Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All
Hardware | Netapp | H300s | - | All | All | All
Operating System | Netapp | H300s Firmware | - | All | All | All
Hardware | Netapp | H410c | - | All | All | All
Operating System | Netapp | H410c Firmware | - | All | All | All
Hardware | Netapp | H410s | - | All | All | All
Operating System | Netapp | H410s Firmware | - | All | All | All
Hardware | Netapp | H500s | - | All | All | All
Operating System | Netapp | H500s Firmware | - | All | All | All
Hardware | Netapp | H700s | - | All | All | All
Operating System | Netapp | H700s Firmware | - | All | All | All
Application | Netapp | Netapp Manageability Sdk | - | All | All | All
Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All
Application | Netapp | Snapmanager | - | All | All | All
Application | Xmlsoft | Libxml2 | All | All | All | All

References

Reference | Source | Link | Tags
About the security content of watchOS 9.2 - Apple Support | CONFIRM | support.apple.com |
About the security content of iOS 15.7.2 and iPadOS 15.7.2 - Apple Support | CONFIRM | support.apple.com |
About the security content of macOS Big Sur 11.7.2 - Apple Support | CONFIRM | support.apple.com |
About the security content of macOS Monterey 12.6.2 - Apple Support | CONFIRM | support.apple.com |
Full Disclosure: APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2 | FULLDISC | seclists.org |
About the security content of tvOS 16.2 - Apple Support | CONFIRM | support.apple.com |
Full Disclosure: APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2 | FULLDISC | seclists.org |
[CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE (c8469863) · Commits · GNOME / libxml2 · GitLab | MISC | gitlab.gnome.org |
Full Disclosure: APPLE-SA-2022-12-13-8 watchOS 9.2 | | seclists.org |
Full Disclosure: APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2 | FULLDISC | seclists.org |
November 2022 Libxml2 Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com |
v2.10.3 · Tags · GNOME / libxml2 · GitLab | MISC | gitlab.gnome.org |
20221220 APPLE-SA-2022-12-13-7 tvOS 16.2 | FULLDISC | seclists.org |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 160396 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2023-0173)
  • 160413 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2023-0338)
  • 181179 Debian Security Update for libxml2 (DLA 3172-1)
  • 181192 Debian Security Update for libxml2 (DSA 5271-1)
  • 182901 Debian Security Update for libxml2 (CVE-2022-40303)
  • 199063 Ubuntu Security Notification for libxml2 Vulnerabilities (USN-5760-1)
  • 241064 Red Hat Update for libxml2 (RHSA-2023:0173)
  • 241093 Red Hat Update for libxml2 (RHSA-2023:0338)
  • 242753 Red Hat Update for libxml2 (RHSA-2024:0413)
  • 283234 Fedora Security Update for libxml2 (FEDORA-2022-aeafd24818)
  • 283465 Fedora Security Update for libxml2 (FEDORA-2022-a6812b0224)
  • 330130 IBM AIX Arbitrary Code Execution Vulnerability in libxml2 (libxml2_advisory3)
  • 354430 Amazon Linux Security Advisory for libxml2 : ALAS2022-2022-258
  • 354487 Amazon Linux Security Advisory for xmlsec1 : ALAS2022-2022-257
  • 354559 Amazon Linux Security Advisory for xmlsec1 : ALAS-2022-257
  • 354560 Amazon Linux Security Advisory for libxml2 : ALAS-2022-258
  • 354834 Amazon Linux Security Advisory for libxml2 : ALAS2-2023-1996
  • 354929 Amazon Linux Security Advisory for libxml2 : ALAS-2023-1743
  • 355209 Amazon Linux Security Advisory for libxml2 : ALAS2023-2023-096
  • 355268 Amazon Linux Security Advisory for xmlsec1 : ALAS2023-2023-097
  • 356980 Amazon Linux Security Advisory for libxml2 : AL2012-2023-464
  • 377762 Apple MacOS Ventura 13.0.1 Not Installed (HT213504)
  • 377831 Apple macOS Monterey 12.6.2 Not Installed (HT213533)
  • 377832 Apple macOS Big Sur 11.7.2 Not Installed (HT213534)
  • 377902 Alibaba Cloud Linux Security Update for libxml2 (ALINUX3-SA-2023:0008)
  • 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
  • 502547 Alpine Linux Security Update for libxml2
  • 502741 Alpine Linux Security Update for libxml2
  • 610450 Apple iOS 16.1.1 and iPadOS 16.1.1 Security Update Missing
  • 610455 Apple iOS 15.7.2 and iPadOS 15.7.2 Security Update Missing
  • 610470 Google Pixel Android March 2023 Security Patch Missing
  • 610486 Google Android April 2023 Security Patch Missing for Huawei EMUI
  • 672422 EulerOS Security Update for libxml2 (EulerOS-SA-2022-2800)
  • 672493 EulerOS Security Update for libxml2 (EulerOS-SA-2023-1016)
  • 672514 EulerOS Security Update for libxml2 (EulerOS-SA-2023-1041)
  • 672550 EulerOS Security Update for libxml2 (EulerOS-SA-2023-1130)
  • 672571 EulerOS Security Update for libxml2 (EulerOS-SA-2023-1106)
  • 672616 EulerOS Security Update for libxml2 (EulerOS-SA-2023-1393)
  • 672665 EulerOS Security Update for libxml2 (EulerOS-SA-2023-1365)
  • 672769 EulerOS Security Update for libxml2 (EulerOS-SA-2023-1510)
  • 710675 Gentoo Linux libxml2 Multiple Vulnerabilities (GLSA 202210-39)
  • 752695 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2022:3692-1)
  • 752722 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2022:3717-1)
  • 752764 SUSE Enterprise Linux Security Update for libxml2 (SUSE-SU-2022:3871-1)
  • 904558 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (11474)
  • 904562 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (11471)
  • 904624 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (11474-1)
  • 904644 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (11471-1)
  • 940884 AlmaLinux Security Update for libxml2 (ALSA-2023:0173)
  • 940901 AlmaLinux Security Update for libxml2 (ALSA-2023:0338)
  • 960535 Rocky Linux Security Update for libxml2 (RLSA-2023:0173)
  • 960547 Rocky Linux Security Update for libxml2 (RLSA-2023:0338)