CVE-2022-40303
published 2022-11-23

Priority: P2 (76) · Severity: high · CVSS 3.1 base score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
In the wild: yes (VulnCheck KEV)
EPSS: 22.79% (97.4th percentile)
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

Affected

34 ranges (showing 25)

Vendor   | Product                                   | Version range                           | Fixed in
apple    | ios_15.7.2_and_ipados                     |                                         |
apple    | ios_16.1.1_and_ipados                     |                                         |
apple    | ipados                                    | < 15.7.2                                | 15.7.2
apple    | iphone_os                                 | < 15.7.2                                | 15.7.2
apple    | macos                                     | >= 11.0 < 11.7.2                        | 11.7.2
apple    | macos                                     | >= 12.0 < 12.6.2                        | 12.6.2
apple    | macos_big_sur                             |                                         |
apple    | macos_monterey                            |                                         |
apple    | macos_ventura                             |                                         |
apple    | tvos                                      | < 16.2                                  | 16.2
apple    | tvos                                      |                                         | 16.2
apple    | watchos                                   | < 9.2                                   | 9.2
apple    | watchos                                   |                                         |
debian   | libxml2                                   | < libxml2 2.9.14+dfsg-1.1 (bookworm)    | libxml2 2.9.14+dfsg-1.1 (bookworm)
gnu      | inetutils                                 | >= 0 < 2:1.9.4-11ubuntu0.2              | 2:1.9.4-11ubuntu0.2
gnu      | inetutils                                 | >= 0 < 2:2.2-2ubuntu0.1                 | 2:2.2-2ubuntu0.1
gnu      | inetutils                                 | >= 0 < 2:1.9.2-1ubuntu0.1~esm2          | 2:1.9.2-1ubuntu0.1~esm2
gnu      | inetutils                                 | >= 0 < 2:1.9.4-1ubuntu0.1~esm3          | 2:1.9.4-1ubuntu0.1~esm3
gnu      | inetutils                                 | >= 0 < 2:1.9.4-3ubuntu0.1+esm2          | 2:1.9.4-3ubuntu0.1+esm2
msrc     | cbl2_libxml2_2.10.3-1_on_cbl_mariner_2.0  |                                         |
msrc     | cm1_libxml2_2.9.14-3_on_cbl_mariner_1.0   |                                         |
nokogiri | nokogiri                                  | >= 0 < 1.13.9                           | 1.13.9
paloalto | pan-os                                    |                                         |
platform | external_libxml2                          | >= 13:0 < 13:2023-03-01                 | 13:2023-03-01
xmlsoft  | libxml2                                   | < 2.10.3                                | 2.10.3

Detection & IOCs (extracted from sources)

  • CVE-2022-40303 affects libxml2 before version 2.10.3. The trigger condition is parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, which overflows several integer counters and leads to an array access at a negative 2GB offset.
  • The vulnerability is an integer overflow in libxml2's XML parser. Detection should focus on anomalously large XML documents (gigabytes, not megabytes) submitted to applications that parse with libxml2 and have XML_PARSE_HUGE enabled.
  • Apple patched CVE-2022-40303 in iOS 16.1.1 and iPadOS 16.1.1. Unpatched Apple devices running iOS before 16.1.1 are exposed to unexpected app termination or arbitrary code execution triggered remotely via crafted XML.
  • Distribution advisories describe the flaw as libxml2 incorrectly handling certain XML files, leading to sensitive information exposure or a crash. Monitor for crashes or unexpected terminations in applications that parse XML with libxml2 earlier than 2.10.3.
  • The integer overflow is only reachable when the XML_PARSE_HUGE parser option is explicitly enabled. Applications that do not set this flag are not directly vulnerable via this code path, because the parser's default size limits stop the parse long before the counters can wrap.
  • Apple's tvOS 16.2 advisory attributes a different impact (Pointer Authentication bypass with arbitrary read/write) and a different component (Kernel) to the same CVE number, suggesting Apple may have reused the CVE identifier for a distinct issue. Analysts should verify the correct scope when applying detections across Apple platforms.
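The two practical checks suggested by the bullets above are (a) is the libxml2 in use older than the fixed release, and (b) did a request combine XML_PARSE_HUGE with a document large enough to wrap a 32-bit counter. The following is an added example, not code from cvebase or from the libxml2 project: it compares a version string against 2.10.3, models the 32-bit signed wrap that puts the offset at negative 2GB, and runs a simple triage over application log lines. The log format, the field names (`req`, `bytes`, `libxml2`, `opts`), the function names and the sample lines are all constructed for illustration.

```python
"""Triage helpers for CVE-2022-40303 (libxml2 < 2.10.3 with XML_PARSE_HUGE).

Added example; not cvebase or libxml2 code. Log format and sample lines are constructed.
"""
import re
from typing import Iterable, List, Tuple

FIXED_VERSION = (2, 10, 3)   # first upstream libxml2 release carrying the fix
INT32_LIMIT = 2 ** 31        # a 32-bit signed counter wraps once this many bytes are consumed


def parse_version(text: str) -> Tuple[int, ...]:
    """Accept '2.9.14', '2.9.14+dfsg-1.1' or libxml2's numeric form ('20914', '21003')."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if m:
        return tuple(int(x) for x in m.groups())
    if text.isdigit() and len(text) >= 5:       # MMmmpp layout used by xmlParserVersion
        n = int(text)
        return (n // 10000, (n // 100) % 100, n % 100)
    raise ValueError(f"unrecognised libxml2 version: {text!r}")


def is_vulnerable(version: str) -> bool:
    """True when the upstream version is older than 2.10.3 (see caveat on backports below)."""
    return parse_version(version) < FIXED_VERSION


def wrapped_int32(consumed: int) -> int:
    """Value a 32-bit signed counter holds after counting `consumed` bytes (two's-complement wrap).

    At exactly 2**31 bytes the counter reads -2**31, i.e. the 'negative 2GB offset'
    described in the advisory.
    """
    n = consumed & 0xFFFFFFFF
    return n - (1 << 32) if n & 0x80000000 else n


def exposure(version: str, huge_enabled: bool, doc_bytes: int) -> str:
    """Classify one parse as 'patched', 'safe' (flag off or document too small) or 'at-risk'."""
    if not is_vulnerable(version):
        return "patched"
    if not huge_enabled:
        return "safe"     # default parser limits reject the input before any counter wraps
    return "at-risk" if doc_bytes >= INT32_LIMIT else "safe"


def parse_line(line: str) -> dict:
    """Split a constructed 'key=value key=value' log line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (request id, line) for every parse that matches the CVE's trigger condition."""
    findings = []
    for line in lines:
        f = parse_line(line)
        if not {"req", "bytes", "libxml2", "opts"} <= f.keys():
            continue
        huge = "XML_PARSE_HUGE" in f["opts"].split(",")
        if exposure(f["libxml2"], huge, int(f["bytes"])) == "at-risk":
            findings.append((f["req"], line.strip()))
    return findings


# Constructed sample: one vulnerable version + HUGE + 3 GiB, one patched, one without HUGE, one small.
SAMPLE_LOG = """\
2022-11-23T10:01:02Z req=a1 path=/import bytes=3221225472 libxml2=2.9.14 opts=XML_PARSE_HUGE,XML_PARSE_NONET
2022-11-23T10:01:05Z req=a2 path=/import bytes=3221225472 libxml2=2.10.3 opts=XML_PARSE_HUGE
2022-11-23T10:01:09Z req=a3 path=/import bytes=3221225472 libxml2=2.9.14 opts=XML_PARSE_NONET
2022-11-23T10:01:12Z req=a4 path=/import bytes=1048576 libxml2=2.9.14 opts=XML_PARSE_HUGE
""".splitlines()

if __name__ == "__main__":
    print("counter after 2 GiB:", wrapped_int32(INT32_LIMIT))
    for req, line in triage(SAMPLE_LOG):
        print("AT-RISK", req, line)
```

Two caveats when using this on real hosts. The version comparison is against upstream numbering only; distributions backport the fix (the Debian row above lists 2.9.14+dfsg-1.1 as fixed), so a plain `< 2.10.3` test will flag patched distro packages and should be replaced by the package manager's own fixed-version data. And the 2 GiB threshold is a model of when a 32-bit signed counter wraps, not a measured trigger size; treat anything in the gigabyte range handed to a HUGE-mode parser as suspicious.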

CVSS provenance

nvd (v3.1): 7.5 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa: 7.5 HIGH
osv: 7.8 HIGH
vulncheck: 7.5 HIGH
vendor_debian: 7.5 HIGH
vendor_msrc: 7.5 HIGH
vendor_redhat: 7.5 HIGH
vendor_ubuntu: 7.5 HIGH