Vulnerability Database

289,599

Total vulnerabilities in the database

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

  • Published: Nov 23, 2022
  • Updated: Apr 14, 2023
  • CVE: CVE-2022-40304
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software From Fixed in
xmlsoft / libxml2 - 2.10.3
apple / macos 11.0 11.7.2
apple / watchos - 9.2
apple / tvos - 16.2
apple / ipados - 15.7.2
apple / iphone_os - 15.7.2
apple / macos 12.0 12.6.2