CVE-2022-40304
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2022/Dec/21http://seclists.org/fulldisclosure/2022/Dec/24http://seclists.org/fulldisclosure/2022/Dec/25http://seclists.org/fulldisclosure/2022/Dec/26http://seclists.org/fulldisclosure/2022/Dec/27https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80bhttps://gitlab.gnome.org/GNOME/libxml2/-/tagshttps://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3https://security.netapp.com/advisory/ntap-20221209-0003/https://support.apple.com/kb/HT213531https://support.apple.com/kb/HT213533https://support.apple.com/kb/HT213534