Extended Lifecycle Support CVE dashboard by TuxCare


CVE-2022-29824

Updated: 2022-06-02 11:11:28.38801

Description:

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
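As an added illustration of the bug class the description names (this is example code, not this page's content and not libxml2's own buf.c/tree.c code): a buffer-append helper whose required size is computed as use + len in a fixed-width unsigned integer with no wraparound check, beside a version that rejects the request before the arithmetic can wrap. The structure and function names (illbuf, illbuf_needed_unchecked, illbuf_add_checked) are hypothetical stand-ins for the xmlBuf*/xmlBuffer* routines, and the 32-bit unsigned sizes are an assumption chosen to match the description's "multi-gigabyte" remark: with 32-bit sizes the sum only wraps once the stored data plus the appended chunk exceeds 4 GiB, which is why a crafted file has to be that large.

```c
/* Added illustration for CVE-2022-29824; not libxml2's code. Names are
 * hypothetical and the 32-bit unsigned sizes are an assumption (see lead-in). */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned char *content;
    unsigned int use;   /* bytes currently stored */
    unsigned int size;  /* bytes allocated */
} illbuf;

void illbuf_init(illbuf *buf) {
    buf->content = NULL;
    buf->use = 0;
    buf->size = 0;
}

void illbuf_free(illbuf *buf) {
    free(buf->content);
    illbuf_init(buf);
}

/* The vulnerable arithmetic, isolated so it can be observed safely: the grow
 * logic derives how much room it needs from use + len in 32 bits with no wrap
 * check. For a len close to UINT_MAX the sum is a small number, realloc() hands
 * back a small block, and a following memcpy of len bytes runs off its end.
 * Only the size calculation is reproduced here; no copy is performed. */
unsigned int illbuf_needed_unchecked(unsigned int use, unsigned int len) {
    return use + len;
}

/* Hardened append: refuse the request before any arithmetic can wrap, then
 * grow and copy. Returns 0 on success, -1 on overflow or allocation failure. */
int illbuf_add_checked(illbuf *buf, const unsigned char *data, unsigned int len) {
    if (len == 0)
        return 0;
    /* use + len + 1 (room for a terminator) must fit in an unsigned int */
    if (len >= UINT_MAX - buf->use)
        return -1;
    unsigned int needed = buf->use + len + 1;
    if (needed > buf->size) {
        /* double the allocation, but never beyond UINT_MAX */
        unsigned int newsize = (needed > UINT_MAX / 2) ? UINT_MAX : needed * 2;
        unsigned char *p = realloc(buf->content, newsize);
        if (p == NULL)
            return -1;
        buf->content = p;
        buf->size = newsize;
    }
    memcpy(buf->content + buf->use, data, len);
    buf->use += len;
    buf->content[buf->use] = '\0';
    return 0;
}

int main(void) {
    illbuf b;
    int rc;
    illbuf_init(&b);
    /* constructed input: a short fragment appends normally */
    rc = illbuf_add_checked(&b, (const unsigned char *)"<a>", 3);
    printf("small append: rc=%d use=%u\n", rc, b.use);
    /* a length that would wrap is rejected instead of corrupting the heap */
    rc = illbuf_add_checked(&b, (const unsigned char *)"x", UINT_MAX - 2);
    printf("huge append: rc=%d use=%u\n", rc, b.use);
    /* the unchecked calculation wraps 100 + (UINT_MAX - 50) to 49 */
    printf("unchecked needed: %u\n", illbuf_needed_unchecked(100u, UINT_MAX - 50u));
    illbuf_free(&b);
    return 0;
}
```

The check `len >= UINT_MAX - buf->use` is done before the addition, which is the only order that is safe: testing `buf->use + len < buf->use` after the fact works in unsigned arithmetic too, but a check on the result of a signed addition would be undefined behaviour and can be optimised away.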


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

                  Severity  Score
CVSS Version 2.x  MEDIUM    4.3
CVSS Version 3.x  MEDIUM    6.5

Status

OS name             Project name  Version                  Status       Errata  Last updated
CentOS 6 ELS        libxml2       2.7.6                    Ignored      -       2022-05-10 12:57:52.892594
CentOS 8.4 ELS      libxml2       2.9.7-9                  Ignored      -       2022-05-10 12:57:54.706277
CentOS 8.5 ELS      libxml2       2.9.7-9                  Ignored      -       2022-05-10 12:57:55.7127
CloudLinux 6 ELS    libxml2       2.7.6                    Ignored      -       2022-05-10 12:57:57.963957
Oracle Linux 6 ELS  libxml2       2.7.6                    Ignored      -       2022-05-10 12:57:53.831809
Ubuntu 16.04 ELS    libxml2       2.9.3+dfsg1-1ubuntu0.7   In progress  -       2022-05-10 12:57:52.018495

Statement

Will not fix: low score