Vulnerability Name:

CVE-2022-40303 (CCN-238602)

Assigned:2022-10-14
Published:2022-10-14
Updated:2023-01-11
Summary:An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.5 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-190
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-40303

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
gnome-cve202240303-integer-overflow(238602)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: libxml2 GIT Repository
libxml2 2.10.3

Source: cve@mitre.org
Type: Release Notes, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Packet Storm Security [11-14-2022]
libxml2 xmlParseNameComplex Integer Overflow

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6857613 (MQ Operator)
BM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd

Source: CCN
Type: IBM Security Bulletin 6953825 (AIX)
AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)

Source: CCN
Type: IBM Security Bulletin 6967291 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Source: CCN
Type: IBM Security Bulletin 6967667 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40303)

Source: CCN
Type: IBM Security Bulletin 6984171 (Cloud Pak for Network Automation)
IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6986569 (MQ Appliance)
IBM MQ Appliance is affected by multiple open source vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7001867 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7006449 (DS8900F)
Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)

Source: CCN
Type: IBM Security Bulletin 7009741 (Security Verify Access)
Security Vulnerabilities fixed in IBM Security Verify Access (CVE-2022-40303)

Source: CCN
Type: IBM Security Bulletin 7010055 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)

Source: CCN
Type: IBM Security Bulletin 7011035 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Python

Source: CCN
Type: IBM Security Bulletin 7014939 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOps

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-40303

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
    • Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access:10.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7702
    P
    		libxml2-2-2.10.3-150500.3.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20230338
    P
    		RHSA-2023:0338: libxml2 security update (Moderate)
    2023-01-23
    oval:com.redhat.rhsa:def:20230173
    P
    		RHSA-2023:0173: libxml2 security update (Moderate)
    2023-01-16
    oval:org.opensuse.security:def:51937
    P
    		Security update for libxml2 (Important)
    2022-10-21
    BACK
    ibm aix 7.2
    ibm vios 3.1
    ibm security verify access 10.0.0.0
    ibm aix 7.3
    ibm robotic process automation for cloud pak 21.0.1
    ibm cloud pak for security 1.10.0.0