CVE-2022-40304 : An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity def

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Published 2022-11-23 18:15:12

Updated 2025-04-28 20:15:20

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2022-40304

Apple » Iphone Os
Versions before (<) 15.7.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos
Versions before (<) 9.2
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Matching versions
Apple » Tvos
Versions before (<) 16.2
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions from including (>=) 12.0 and before (<) 12.6.2
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Apple » Macos
Versions from including (>=) 11.0 and before (<) 11.7.2
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Matching versions
Apple » Ipados
Versions before (<) 15.7.2
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Matching versions
Xmlsoft » Libxml2
Versions before (<) 2.10.3
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Matching versions
Netapp » Clustered Data Ontap » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Matching versions
Netapp » Snapmanager » Version: N/A For Hyper-v
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
Matching versions
Netapp » Clustered Data Ontap Antivirus Connector » Version: N/A
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
Matching versions
Netapp » Smi-s Provider » Version: N/A
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
Matching versions
Netapp » Active Iq Unified Manager » Version: N/A For Vmware Vsphere
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Manageability Software Development Kit » Version: N/A
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
Matching versions
Netapp » H410c Firmware » Version: N/A
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410c » Version: N/A
Netapp » H300s Firmware » Version: N/A
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H300s » Version: N/A
Netapp » H500s Firmware » Version: N/A
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H500s » Version: N/A
Netapp » H700s Firmware » Version: N/A
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H700s » Version: N/A
Netapp » H410s Firmware » Version: N/A
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Netapp » H410s » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-40304

EPSS FAQ

0.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 21 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-40304

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-04-28
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-40304

CWE-415 Double Free

The product calls free() twice on the same memory address.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-40304

https://support.apple.com/kb/HT213533

About the security content of macOS Monterey 12.6.2 - Apple Support
Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT213535

About the security content of tvOS 16.2 - Apple Support
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Dec/27

Full Disclosure: APPLE-SA-2022-12-13-8 watchOS 9.2

CVEs referencing this url
https://support.apple.com/kb/HT213536

About the security content of watchOS 9.2 - Apple Support
Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT213531

About the security content of iOS 15.7.2 and iPadOS 15.7.2 - Apple Support
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Dec/21

Full Disclosure: APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
Mailing List;Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Dec/25

Full Disclosure: APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
Mailing List;Third Party Advisory

CVEs referencing this url
https://support.apple.com/kb/HT213534

About the security content of macOS Big Sur 11.7.2 - Apple Support
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Dec/24

Full Disclosure: APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
Mailing List;Third Party Advisory

CVEs referencing this url
https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

v2.10.3 · Tags · GNOME / libxml2 · GitLab
Patch;Release Notes;Third Party Advisory

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20221209-0003/

November 2022 Libxml2 Vulnerabilities in NetApp Products | NetApp Product Security
Third Party Advisory

CVEs referencing this url
http://seclists.org/fulldisclosure/2022/Dec/26

Full Disclosure: APPLE-SA-2022-12-13-7 tvOS 16.2
Mailing List;Third Party Advisory

CVEs referencing this url
https://gitlab.gnome.org/GNOME/libxml2/-/tags

Tags · GNOME / libxml2 · GitLab
Release Notes;Third Party Advisory

CVEs referencing this url
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b

[CVE-2022-40304] Fix dict corruption caused by entity reference cycles (1b41ec4e) · Commits · GNOME / libxml2 · GitLab
Patch;Third Party Advisory

Jump to

Vulnerability Details : CVE-2022-40304

Products affected by CVE-2022-40304

Exploit prediction scoring system (EPSS) score for CVE-2022-40304

CVSS scores for CVE-2022-40304

CWE ids for CVE-2022-40304

References for CVE-2022-40304