CVE-2022-29824

Severity: 6.5 MEDIUM
EPSS: 0.1% (top 77.53%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 3; latest update Jan 15

Description

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

NVD: xmlsoft/libxml2 < 2.9.14
Debian: libxml2 < 2.9.10+dfsg-6.7+deb11u2 (+3 more)
Ubuntu: libxml2 < 2.9.4+dfsg1-6.1ubuntu1.6 (+4 more)
NVD: xmlsoft/libxslt 1.1.35
RubyGems: nokogiri < 1.13.5

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35, 36

Patches

🔴 Vulnerability Details (6)

GHSA: Integer Overflow or Wraparound in libxml2 affects Nokogiri (2022-05-18)
OSV: Integer Overflow or Wraparound in libxml2 affects Nokogiri (2022-05-18)
OSV: libxml2 vulnerabilities (2022-05-16)
GHSA: GHSA-3rrw-pv9w-qgch: In libxml2 before 2 (2022-05-04)
CVEList: CVE-2022-29824: In libxml2 before 2 (2022-05-03)

💥 Exploits & PoCs (1)

Nuclei: Ivanti EPM - Remote Code Execution

📋 Vendor Advisories (7)

Oracle: Oracle Communications Risk Matrix: Install/Upgrade (libxml2) — CVE-2022-29824 (2023-01-15)
Oracle: Oracle Communications Risk Matrix: Configuration (libxml2) — CVE-2022-29824 (2022-10-15)
Chrome: Long Term Support Channel Update for ChromeOS: CVE-2022-29824 (2022-07-27)
Ubuntu: libxml2 vulnerabilities (2022-05-16)
Microsoft: In libxml2 before 2.9.14 several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation re (2022-05-10)