Vulnerability Details : CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Vulnerability category: OverflowMemory Corruption
Products affected by CVE-2022-40303
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
- cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
- cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:a:netapp:netapp_manageability_sdk:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-40303
0.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-40303
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2022-40303
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-40303
-
https://support.apple.com/kb/HT213533
About the security content of macOS Monterey 12.6.2 - Apple SupportThird Party Advisory
-
https://support.apple.com/kb/HT213535
About the security content of tvOS 16.2 - Apple SupportThird Party Advisory
-
https://support.apple.com/kb/HT213536
About the security content of watchOS 9.2 - Apple SupportThird Party Advisory
-
https://support.apple.com/kb/HT213531
About the security content of iOS 15.7.2 and iPadOS 15.7.2 - Apple SupportThird Party Advisory
-
http://seclists.org/fulldisclosure/2022/Dec/21
Full Disclosure: APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2022/Dec/25
Full Disclosure: APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT213534
About the security content of macOS Big Sur 11.7.2 - Apple SupportThird Party Advisory
-
http://seclists.org/fulldisclosure/2022/Dec/24
Full Disclosure: APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2Mailing List;Third Party Advisory
-
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
v2.10.3 · Tags · GNOME / libxml2 · GitLabRelease Notes;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20221209-0003/
November 2022 Libxml2 Vulnerabilities in NetApp Products | NetApp Product SecurityThird Party Advisory
-
http://seclists.org/fulldisclosure/2022/Dec/26
Full Disclosure: APPLE-SA-2022-12-13-7 tvOS 16.2Mailing List;Third Party Advisory
-
https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
[CVE-2022-40303] Fix integer overflows with XML_PARSE_HUGE (c8469863) · Commits · GNOME / libxml2 · GitLabPatch;Third Party Advisory
Jump to