ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for PHP
- CVEs
- Releases
- Projects
- Documentation
ELS for Python
- CVEs
- Releases
- Projects
- Documentation
ELS for Dotnet
- CVEs
- Releases
- Projects
- Documentation
ELS for Node.js
- CVEs
- Releases
- Projects
- Documentation

CVE-2022-40304

Updated: 2025-08-20 03:02:25.498106

Description:

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x		0.0
CVSS Version 3.x	HIGH	7.8

Status

OS name	Project name	Version	Score	Severity	Status	Errata	Last updated
AlmaLinux 9.2 ESU	libxml2	2.9.13	7.8	HIGH	Already Fixed		2023-11-08 08:35:55
CentOS 6 ELS	libxml2	2.7.6	7.8	HIGH	Released	CLSA-2022:1670521677	2022-12-29 19:54:05
CentOS 7 ELS	libxml2	2.9.1	7.8	HIGH	Released	CLSA-2023:1696537106	2023-10-05 17:08:29
CentOS 8.4 ELS	libxml2	2.9.7-9	7.8	HIGH	Released	CLSA-2022:1670523403	2022-12-08 16:03:07
CentOS 8.5 ELS	libxml2	2.9.7-9	7.8	HIGH	Released	CLSA-2022:1670523520	2022-12-08 16:03:08
CloudLinux 6 ELS	libxml2	2.7.6	7.8	HIGH	Released	CLSA-2022:1670522760	2022-12-29 19:54:05
Debian 10 ELS	libxml2	2.9.4	7.8	HIGH	Already Fixed		2025-10-23 15:01:31
Oracle Linux 6 ELS	libxml2	2.7.6	7.8	HIGH	Released	CLSA-2022:1670522857	2022-12-08 16:03:07
Ubuntu 16.04 ELS	libxml2	2.9.3	7.8	HIGH	Released	CLSA-2022:1670518262	2022-12-08 13:03:12
Ubuntu 18.04 ELS	libxml2	2.9.4	7.8	HIGH	Already Fixed		2023-06-02 09:09:52