CVE-2022-29824
CVSS v3.1
6.5 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.15 % (52th)
Affected Products
24
Advisories
20
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
Weaknesses
- CWE-190
- Integer Overflow or Wraparound
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2022-05-03 03:15:06
(2 years ago) - Updated Date
-
2023-11-07 03:46:05
(10 months ago)
Affected Products
- Active Iq Unified Manager
- Clustered Data Ontap
- Clustered Data Ontap Antivirus Connector
- Manageability Software Development Kit
- Ontap Select Deploy Administration Utility
- Smi-s Provider
- Snapdrive
- Snapmanager
- Solidfire \& Hci Management Node
- H300s
- H410c
- H410s
- H500s
- H700s
- H300s Firmware
- H410c Firmware
- H410s Firmware
- H500s Firmware
- H700s Firmware
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Configuration #6
AND |
|
---|
Configuration #7
AND |
|
---|
Configuration #8
AND |
|
---|
Configuration #9
AND |
|
---|
Configuration #10
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...