CVE-2022-40303

ADVISORY - nist

Summary

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.

EPSS Score⁠: 0.00134 (0.334)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-190⁠

Integer Overflow or Wraparound

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-190⁠

Integer Overflow or Wraparound

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-190⁠

Integer Overflow or Wraparound

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.