Fluid Attacks Database

Description

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	libxml2	>=0 <2.9.14+dfsg-1.1	2.9.14+dfsg-1.1
alpine v3.16	libxml2	=2.7.2-r0 \|\| =2.7.3-r0 \|\| =2.7.6-r0 \|\| =2.7.6-r1 \|\| =2.7.6-r2 \|\| =2.7.6-r3 \|\| =2.7.7-r0 \|\| =2.7.7-r1 \|\| =2.7.7-r2 \|\| =2.7.7-r3 \|\| =2.7.7-r4 \|\| =2.7.8-r0 \|\| =2.7.8-r1 \|\| =2.7.8-r2 \|\| =2.7.8-r4 \|\| =2.7.8-r5 \|\| =2.7.8-r6 \|\| =2.7.8-r7 \|\| =2.7.8-r8 \|\| =2.8.0-r0 \|\| =2.8.0-r1 \|\| =2.9.0-r0 \|\| =2.9.0-r1 \|\| =2.9.0-r2 \|\| =2.9.0-r3 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| =2.9.10-r0 \|\| =2.9.10-r1 \|\| =2.9.10-r2 \|\| =2.9.10-r3 \|\| =2.9.10-r4 \|\| =2.9.10-r5 \|\| =2.9.10-r6 \|\| =2.9.10-r7 \|\| =2.9.12-r0 \|\| =2.9.12-r1 \|\| =2.9.12-r2 \|\| =2.9.12-r3 \|\| =2.9.13-r0 \|\| =2.9.14-r0 \|\| =2.9.14-r1 \|\| =2.9.2-r0 \|\| =2.9.2-r1 \|\| =2.9.2-r2 \|\| =2.9.3-r0 \|\| =2.9.4-r0 \|\| =2.9.4-r1 \|\| =2.9.4-r2 \|\| =2.9.4-r3 \|\| =2.9.4-r4 \|\| =2.9.5-r0 \|\| =2.9.6-r0 \|\| =2.9.6-r2 \|\| =2.9.7-r0 \|\| =2.9.7-r1 \|\| =2.9.8-r0 \|\| =2.9.8-r1 \|\| =2.9.8-r2 \|\| =2.9.9-r0 \|\| =2.9.9-r1 \|\| =2.9.9-r2 \|\| =2.9.9-r3 \|\| >=0 <2.9.14-r2	2.9.14-r2
debian 13	libxml2	>=0 <2.9.14+dfsg-1.1	2.9.14+dfsg-1.1
debian 14	libxml2	>=0 <2.9.14+dfsg-1.1	2.9.14+dfsg-1.1
rubygems	nokogiri	>=0 <1.13.9	1.13.9
alpine v3.13	libxml2	=2.7.2-r0 \|\| =2.7.3-r0 \|\| =2.7.6-r0 \|\| =2.7.6-r1 \|\| =2.7.6-r2 \|\| =2.7.6-r3 \|\| =2.7.7-r0 \|\| =2.7.7-r1 \|\| =2.7.7-r2 \|\| =2.7.7-r3 \|\| =2.7.7-r4 \|\| =2.7.8-r0 \|\| =2.7.8-r1 \|\| =2.7.8-r2 \|\| =2.7.8-r4 \|\| =2.7.8-r5 \|\| =2.7.8-r6 \|\| =2.7.8-r7 \|\| =2.7.8-r8 \|\| =2.8.0-r0 \|\| =2.8.0-r1 \|\| =2.9.0-r0 \|\| =2.9.0-r1 \|\| =2.9.0-r2 \|\| =2.9.0-r3 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| =2.9.10-r0 \|\| =2.9.10-r1 \|\| =2.9.10-r2 \|\| =2.9.10-r3 \|\| =2.9.10-r4 \|\| =2.9.10-r5 \|\| =2.9.10-r6 \|\| =2.9.10-r7 \|\| =2.9.11-r0 \|\| =2.9.12-r0 \|\| =2.9.13-r0 \|\| =2.9.14-r0 \|\| =2.9.14-r1 \|\| =2.9.2-r0 \|\| =2.9.2-r1 \|\| =2.9.2-r2 \|\| =2.9.3-r0 \|\| =2.9.4-r0 \|\| =2.9.4-r1 \|\| =2.9.4-r2 \|\| =2.9.4-r3 \|\| =2.9.4-r4 \|\| =2.9.5-r0 \|\| =2.9.6-r0 \|\| =2.9.6-r2 \|\| =2.9.7-r0 \|\| =2.9.7-r1 \|\| =2.9.8-r0 \|\| =2.9.8-r1 \|\| =2.9.8-r2 \|\| =2.9.9-r0 \|\| =2.9.9-r1 \|\| =2.9.9-r2 \|\| =2.9.9-r3 \|\| >=0 <2.9.14-r2	2.9.14-r2
alpine v3.14	libxml2	=2.7.2-r0 \|\| =2.7.3-r0 \|\| =2.7.6-r0 \|\| =2.7.6-r1 \|\| =2.7.6-r2 \|\| =2.7.6-r3 \|\| =2.7.7-r0 \|\| =2.7.7-r1 \|\| =2.7.7-r2 \|\| =2.7.7-r3 \|\| =2.7.7-r4 \|\| =2.7.8-r0 \|\| =2.7.8-r1 \|\| =2.7.8-r2 \|\| =2.7.8-r4 \|\| =2.7.8-r5 \|\| =2.7.8-r6 \|\| =2.7.8-r7 \|\| =2.7.8-r8 \|\| =2.8.0-r0 \|\| =2.8.0-r1 \|\| =2.9.0-r0 \|\| =2.9.0-r1 \|\| =2.9.0-r2 \|\| =2.9.0-r3 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| =2.9.10-r0 \|\| =2.9.10-r1 \|\| =2.9.10-r2 \|\| =2.9.10-r3 \|\| =2.9.10-r4 \|\| =2.9.10-r5 \|\| =2.9.10-r6 \|\| =2.9.10-r7 \|\| =2.9.12-r0 \|\| =2.9.12-r1 \|\| =2.9.13-r0 \|\| =2.9.14-r0 \|\| =2.9.14-r1 \|\| =2.9.2-r0 \|\| =2.9.2-r1 \|\| =2.9.2-r2 \|\| =2.9.3-r0 \|\| =2.9.4-r0 \|\| =2.9.4-r1 \|\| =2.9.4-r2 \|\| =2.9.4-r3 \|\| =2.9.4-r4 \|\| =2.9.5-r0 \|\| =2.9.6-r0 \|\| =2.9.6-r2 \|\| =2.9.7-r0 \|\| =2.9.7-r1 \|\| =2.9.8-r0 \|\| =2.9.8-r1 \|\| =2.9.8-r2 \|\| =2.9.9-r0 \|\| =2.9.9-r1 \|\| =2.9.9-r2 \|\| =2.9.9-r3 \|\| >=0 <2.9.14-r2	2.9.14-r2
alpine v3.15	libxml2	=2.7.2-r0 \|\| =2.7.3-r0 \|\| =2.7.6-r0 \|\| =2.7.6-r1 \|\| =2.7.6-r2 \|\| =2.7.6-r3 \|\| =2.7.7-r0 \|\| =2.7.7-r1 \|\| =2.7.7-r2 \|\| =2.7.7-r3 \|\| =2.7.7-r4 \|\| =2.7.8-r0 \|\| =2.7.8-r1 \|\| =2.7.8-r2 \|\| =2.7.8-r4 \|\| =2.7.8-r5 \|\| =2.7.8-r6 \|\| =2.7.8-r7 \|\| =2.7.8-r8 \|\| =2.8.0-r0 \|\| =2.8.0-r1 \|\| =2.9.0-r0 \|\| =2.9.0-r1 \|\| =2.9.0-r2 \|\| =2.9.0-r3 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| =2.9.10-r0 \|\| =2.9.10-r1 \|\| =2.9.10-r2 \|\| =2.9.10-r3 \|\| =2.9.10-r4 \|\| =2.9.10-r5 \|\| =2.9.10-r6 \|\| =2.9.10-r7 \|\| =2.9.12-r0 \|\| =2.9.12-r1 \|\| =2.9.12-r2 \|\| =2.9.13-r0 \|\| =2.9.14-r0 \|\| =2.9.14-r1 \|\| =2.9.2-r0 \|\| =2.9.2-r1 \|\| =2.9.2-r2 \|\| =2.9.3-r0 \|\| =2.9.4-r0 \|\| =2.9.4-r1 \|\| =2.9.4-r2 \|\| =2.9.4-r3 \|\| =2.9.4-r4 \|\| =2.9.5-r0 \|\| =2.9.6-r0 \|\| =2.9.6-r2 \|\| =2.9.7-r0 \|\| =2.9.7-r1 \|\| =2.9.8-r0 \|\| =2.9.8-r1 \|\| =2.9.8-r2 \|\| =2.9.9-r0 \|\| =2.9.9-r1 \|\| =2.9.9-r2 \|\| =2.9.9-r3 \|\| >=0 <2.9.14-r2	2.9.14-r2
alpine v3.17	libxml2	=2.10.0-r0 \|\| =2.10.1-r0 \|\| =2.10.2-r0 \|\| =2.10.2-r1 \|\| =2.7.2-r0 \|\| =2.7.3-r0 \|\| =2.7.6-r0 \|\| =2.7.6-r1 \|\| =2.7.6-r2 \|\| =2.7.6-r3 \|\| =2.7.7-r0 \|\| =2.7.7-r1 \|\| =2.7.7-r2 \|\| =2.7.7-r3 \|\| =2.7.7-r4 \|\| =2.7.8-r0 \|\| =2.7.8-r1 \|\| =2.7.8-r2 \|\| =2.7.8-r4 \|\| =2.7.8-r5 \|\| =2.7.8-r6 \|\| =2.7.8-r7 \|\| =2.7.8-r8 \|\| =2.8.0-r0 \|\| =2.8.0-r1 \|\| =2.9.0-r0 \|\| =2.9.0-r1 \|\| =2.9.0-r2 \|\| =2.9.0-r3 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| =2.9.10-r0 \|\| =2.9.10-r1 \|\| =2.9.10-r2 \|\| =2.9.10-r3 \|\| =2.9.10-r4 \|\| =2.9.10-r5 \|\| =2.9.10-r6 \|\| =2.9.10-r7 \|\| =2.9.12-r0 \|\| =2.9.12-r1 \|\| =2.9.12-r2 \|\| =2.9.12-r3 \|\| =2.9.13-r0 \|\| =2.9.14-r0 \|\| =2.9.14-r1 \|\| =2.9.2-r0 \|\| =2.9.2-r1 \|\| =2.9.2-r2 \|\| =2.9.3-r0 \|\| =2.9.4-r0 \|\| =2.9.4-r1 \|\| =2.9.4-r2 \|\| =2.9.4-r3 \|\| =2.9.4-r4 \|\| =2.9.5-r0 \|\| =2.9.6-r0 \|\| =2.9.6-r2 \|\| =2.9.7-r0 \|\| =2.9.7-r1 \|\| =2.9.8-r0 \|\| =2.9.8-r1 \|\| =2.9.8-r2 \|\| =2.9.9-r0 \|\| =2.9.9-r1 \|\| =2.9.9-r2 \|\| =2.9.9-r3 \|\| >=0 <2.10.3-r0	2.10.3-r0
alpine v3.18	libxml2	=2.10.0-r0 \|\| =2.10.1-r0 \|\| =2.10.2-r0 \|\| =2.10.2-r1 \|\| =2.7.2-r0 \|\| =2.7.3-r0 \|\| =2.7.6-r0 \|\| =2.7.6-r1 \|\| =2.7.6-r2 \|\| =2.7.6-r3 \|\| =2.7.7-r0 \|\| =2.7.7-r1 \|\| =2.7.7-r2 \|\| =2.7.7-r3 \|\| =2.7.7-r4 \|\| =2.7.8-r0 \|\| =2.7.8-r1 \|\| =2.7.8-r2 \|\| =2.7.8-r4 \|\| =2.7.8-r5 \|\| =2.7.8-r6 \|\| =2.7.8-r7 \|\| =2.7.8-r8 \|\| =2.8.0-r0 \|\| =2.8.0-r1 \|\| =2.9.0-r0 \|\| =2.9.0-r1 \|\| =2.9.0-r2 \|\| =2.9.0-r3 \|\| =2.9.1-r0 \|\| =2.9.1-r1 \|\| =2.9.1-r2 \|\| =2.9.10-r0 \|\| =2.9.10-r1 \|\| =2.9.10-r2 \|\| =2.9.10-r3 \|\| =2.9.10-r4 \|\| =2.9.10-r5 \|\| =2.9.10-r6 \|\| =2.9.10-r7 \|\| =2.9.12-r0 \|\| =2.9.12-r1 \|\| =2.9.12-r2 \|\| =2.9.12-r3 \|\| =2.9.13-r0 \|\| =2.9.14-r0 \|\| =2.9.14-r1 \|\| =2.9.2-r0 \|\| =2.9.2-r1 \|\| =2.9.2-r2 \|\| =2.9.3-r0 \|\| =2.9.4-r0 \|\| =2.9.4-r1 \|\| =2.9.4-r2 \|\| =2.9.4-r3 \|\| =2.9.4-r4 \|\| =2.9.5-r0 \|\| =2.9.6-r0 \|\| =2.9.6-r2 \|\| =2.9.7-r0 \|\| =2.9.7-r1 \|\| =2.9.8-r0 \|\| =2.9.8-r1 \|\| =2.9.8-r2 \|\| =2.9.9-r0 \|\| =2.9.9-r1 \|\| =2.9.9-r2 \|\| =2.9.9-r3 \|\| >=0 <2.10.3-r0	2.10.3-r0

1-10 of 23

Aliases

1. CVE-2022-403042. NVD-2022-403043. OSV-DEBIAN-2022-403044. OSV-2022-403045. OSV-ALPINE-2022-403046. GCVE-2022-403047. SECURITY-TRACKER-CVE-2022-403048. SECURITY-CVE-2022-40304

References

1. https://vulncheck.com/cve/CVE-2022-403042. https://nokogiri.org/CHANGELOG.html#1139-2022-10-183. https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.34. https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b5. https://gitlab.gnome.org/GNOME/libxml2/-/tags

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.