linux.oracle.com Open in urlscan Pro
2a02:26f0:3100:786::a15  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Oracle
 * ULN
 * Support
 * Documentation
 * Downloads

STAY CONNECTED:

 * Facebook
 * Twitter
 * LinkedIn
 * YouTube
 * Blog


CVE-2022-29824

 * ULN > 
 * Oracle Linux CVE repository  > 
 * CVE-2022-29824


CVE DETAILS

Release Date:2022-05-03


DESCRIPTION


In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*)
and tree.c (xmlBuffer*) don't check for integer overflows. This can result in
out-of-bounds memory writes. Exploitation requires a victim to open a crafted,
multi-gigabyte XML file. Other software using libxml2's buffer functions, for
example libxslt through 1.1.35, is affected as well.

See more information about CVE-2022-29824 from MITRE CVE dictionary and NIST NVD



CVSS V3.0 METRICS


NOTE: The following CVSS v3.0 metrics and score provided are preliminary and
subject to review.

Base Score: 6.5 Base Metrics: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Access Vector:
Network Attack Complexity: Low Privileges Required: None User Interaction:
Required Scope: Unchanged Confidentiality Impact: None Integrity Impact: None
Availability Impact: High



ERRATA INFORMATION


PlatformErrataRelease Date Oracle Linux version 8
(libxml2)ELSA-2022-53172022-07-01Oracle Linux version 9
(libxml2)ELSA-2022-52502022-06-30




This page is generated automatically and has not been checked for errors or
omissions. For clarification or corrections please contact the Oracle Linux ULN
team


TECHNICAL INFORMATION

 * Oracle Linux Certified Hardware
 * Oracle Linux Supported Releases


ORACLE LINUX SUPPORT

 * Oracle Linux Support
 * Oracle Premier Support for Systems
 * Advanced Customer Services


CONNECT

 * Facebook
 * Twitter
 * LinkedIn
 * YouTube
 * Blog


CONTACT US

 * Global contacts
 * Oracle 1-800-633-0691

Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy
Rights