Vulnerability Name:

CVE-2022-40304 (CCN-238603)

Assigned:2022-10-14
Published:2022-10-14
Updated:2023-02-23
Summary:An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-415
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-40304

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: XF
Type: UNKNOWN
gnome-cve202240304-code-exec(238603)

Source: cve@mitre.org
Type: Patch, Third Party Advisory
cve@mitre.org

Source: CCN
Type: libxml2 GIT Repository
libxml2 2.10.3

Source: cve@mitre.org
Type: Release Notes, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Patch, Release Notes, Third Party Advisory
cve@mitre.org

Source: CCN
Type: Packet Storm Security [11-14-2022]
libxml2 Attribute Parsing Double-Free

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: CCN
Type: IBM Security Bulletin 6857613 (MQ Operator)
BM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from libxml2, expat, libtasn1 and systemd

Source: CCN
Type: IBM Security Bulletin 6953825 (AIX)
AIX is vulnerable to arbitrary code execution due to libxml2 (CVE-2022-40303 and CVE-2022-40304)

Source: CCN
Type: IBM Security Bulletin 6967291 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Source: CCN
Type: IBM Security Bulletin 6967669 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to an arbitrary code execution in Gnome libxml2 (CVE-2022-40304)

Source: CCN
Type: IBM Security Bulletin 6984171 (Cloud Pak for Network Automation)
IBM Cloud Pak for Network Automation 2.4.5 addresses multiple security vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6986569 (MQ Appliance)
IBM MQ Appliance is affected by multiple open source vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7001867 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 7006449 (DS8900F)
Vulnerabilities have been identified in OpenSSL, Apache HTTP Server and other system libraries shipped with the DS8000 Hardware Management Console (HMC)

Source: CCN
Type: IBM Security Bulletin 7010055 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Gnome ibxml2 arbitrary code execution vulnerabilities( CVE-2022-40304, CVE-2022-40303)

Source: CCN
Type: IBM Security Bulletin 7011035 (Watson Assistant for Cloud Pak for Data)
IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Python

Source: CCN
Type: IBM Security Bulletin 7014939 (Cloud Pak for Watson AIOps)
Multiple Vulnerabilities in CloudPak for Watson AIOps

Source: CCN
Type: Mend Vulnerability Database
CVE-2022-40304

Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*
  • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*
  • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
  • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*
  • Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*
  • Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*
  • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:9:*:*:*:*:*:*:*
  • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:9::baseos:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:ibm:aix:7.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:vios:3.1:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:aix:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7702
    P
    libxml2-2-2.10.3-150500.3.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20230338
    P
    RHSA-2023:0338: libxml2 security update (Moderate)
    2023-01-23
    oval:com.redhat.rhsa:def:20230173
    P
    RHSA-2023:0173: libxml2 security update (Moderate)
    2023-01-16
    oval:org.opensuse.security:def:51937
    P
    Security update for libxml2 (Important)
    2022-10-21
    BACK
    ibm aix 7.2
    ibm vios 3.1
    ibm aix 7.3
    ibm robotic process automation for cloud pak 21.0.1
    ibm cloud pak for security 1.10.0.0