{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-40304", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2022-12-21T00:00:00", "dateReserved": "2022-09-09T00:00:00", "datePublished": "2022-11-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-12-21T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"}, {"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"}, {"url": "https://security.netapp.com/advisory/ntap-20221209-0003/"}, {"url": "https://support.apple.com/kb/HT213534"}, {"url": "https://support.apple.com/kb/HT213533"}, {"url": "https://support.apple.com/kb/HT213531"}, {"url": "https://support.apple.com/kb/HT213536"}, {"url": "https://support.apple.com/kb/HT213535"}, {"name": "20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/21"}, {"name": "20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/25"}, {"name": "20221220 APPLE-SA-2022-12-13-7 tvOS 16.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/26"}, {"name": "20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/24"}, {"name": "20221220 APPLE-SA-2022-12-13-8 watchOS 9.2", "tags": ["mailing-list"], "url": "http://seclists.org/fulldisclosure/2022/Dec/27"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A677043-FA7F-4C59-B1E4-242ABBA60ED7", "versionEndExcluding": "2.10.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*", "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*", "matchCriteriaId": "D39DCAE7-494F-40B2-867F-6C6A077939DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*", "matchCriteriaId": "80774A35-B0B8-4F9C-99CA-23849978D158", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5892A8E-3D71-4ED7-ABFC-973DE74C2AD7", "versionEndExcluding": "15.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B03CFDD-AC66-4B07-A8CB-E026FCB8A1AE", "versionEndExcluding": "15.7.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5867A268-292B-4DB2-8CA7-DE06D7125E2F", "versionEndExcluding": "11.7.2", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E5F532D-8E16-48F4-8612-4D51D1BD38FB", "versionEndExcluding": "12.6.2", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "matchCriteriaId": "400AD564-BDEC-4C81-B650-56357BEBF0C7", "versionEndExcluding": "16.2", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A9F3F63-6BF8-4DD5-97FD-D9C90A62ECB0", "versionEndExcluding": "9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en libxml2 antes de la versi\u00f3n 2.10.3. Ciertas definiciones de entidades XML no v\u00e1lidas pueden da\u00f1ar la clave de una tabla hash, lo que podr\u00eda provocar errores l\u00f3gicos posteriores. En un caso, se puede provocar un double-free."}], "id": "CVE-2022-40304", "lastModified": "2023-11-07T03:52:15.353", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T18:15:12.167", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/21"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/24"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/25"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2022/Dec/26"}, {"source": "cve@mitre.org", "url": "http://seclists.org/fulldisclosure/2022/Dec/27"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags"}, {"source": "cve@mitre.org", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20221209-0003/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213531"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213533"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213534"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213535"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT213536"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}