[Debian] CVE: CVE-2022-40303: libxml2: leading to a segmentation fault
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
StarlingX | Fix Released | Medium | Wentao Zhang |
Bug Description
CVE-2022-40303: https:/
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2022-40674 fixed 7.5 N L N N H
References:
https:/
['libxml2-
CVE References
information type: | Public → Public Security |
Changed in starlingx: | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: stx.8.0 stx.security |
Changed in starlingx: | |
assignee: | nobody → Wentao Zhang (wzhang4) |
Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/868153