| Vulnerability Name: | CVE-2022-2309 (CCN-230470) | ||||||||||||||||||
| Assigned: | 2022-06-18 | ||||||||||||||||||
| Published: | 2022-06-18 | ||||||||||||||||||
| Updated: | 2022-10-28 | ||||||||||||||||||
| Summary: | NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | ||||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C)
6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
| ||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||||
| Vulnerability Type: | CWE-476 | ||||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-2309 Source: XF Type: UNKNOWN libxml2-cve20222309-dos(230470) Source: CCN Type: lxml GIT Repository Fix a crash when incorrect parser input occurs together with usages of iterwalk() on trees generated by the same parser. Source: MISC Type: Patch, Third Party Advisory https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f Source: CONFIRM Type: Exploit, Issue Tracking, Patch, Third Party Advisory https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba Source: CCN Type: huntr Web site NULL Pointer Dereference in function _appendStartNsEvents in lxml/lxml Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-ed17f59c1d Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2022-ed0eeb6a20 Source: GENTOO Type: Third Party Advisory GLSA-202208-06 Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20220915-0006/ | ||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: Configuration RedHat 10: Configuration RedHat 11: Configuration RedHat 12: Configuration RedHat 13: Configuration RedHat 14: Configuration RedHat 15: Configuration RedHat 16: Configuration RedHat 17: Configuration RedHat 18: Configuration RedHat 19: Configuration RedHat 20: Configuration RedHat 21: Configuration RedHat 22: Configuration RedHat 23: Configuration RedHat 24: Configuration RedHat 25: Configuration RedHat 26: Configuration RedHat 27: Configuration RedHat 28: Configuration RedHat 29: Configuration RedHat 30: Configuration RedHat 31: Configuration RedHat 32: Configuration RedHat 33: Configuration RedHat 34: Configuration RedHat 35: Configuration RedHat 36: Configuration RedHat 37: Configuration RedHat 38: Configuration RedHat 39: Configuration RedHat 40: Configuration RedHat 41: Configuration RedHat 42: Configuration RedHat 43: Configuration RedHat 44: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||
| Oval Definitions | |||||||||||||||||||
| |||||||||||||||||||
| BACK | |||||||||||||||||||