CVE-2022-29824

Description

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Risk Information

Base Score: 6.5 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.074

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2022-2097,CVE-2022-29824,CVE-2022-35737 are affected in MySQL Workbench Enterprise Edition 8.0.30 | Windows
Vulnerabilities CVE-2022-2097,CVE-2022-29824,CVE-2022-35737 are affected in MySQL Workbench CE (x64) 8.0.30 | Windows
Vulnerabilities CVE-2023-28484,CVE-2023-29469,CVE-2022-29824 are fixed in Nessus 10.5.2 | Windows
Multiple vulnerabilities are fixed in Nessus 8.15.7 | Windows
Multiple vulnerabilities are fixed in Nessus Agent (x64) (10.3.1) | Windows
Multiple vulnerabilities are fixed in Nessus Agent (10.3.1) | Windows
Vulnerabilities CVE-2023-28484,CVE-2023-29469,CVE-2022-29824 are fixed in Tenable Nessus 10.5.2 | Windows
Multiple vulnerabilities are fixed in Tenable Nessus 8.15.7 | Windows
Multiple vulnerabilities are fixed in Tenable Nessus 10.3.1 | Windows
Multiple vulnerabilities are affected in Oracle HTTP Server 12.2.1.4.0 | Windows
GNOME XML library (USN-5422-1) libxml2_2.9.12+dfsg-4ubuntu0.2_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2_2.9.12+dfsg-4ubuntu0.2_amd64.deb | Linux
GNOME XML library (USN-5422-1) libxml2_2.9.13+dfsg-1ubuntu0.2_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2_2.9.13+dfsg-1ubuntu0.2_amd64.deb | Linux
GNOME XML library (USN-5422-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.7_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2_2.9.4+dfsg1-6.1ubuntu1.7_amd64.deb | Linux
GNOME XML library (USN-5422-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.4_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2_2.9.10+dfsg-5ubuntu0.20.04.4_amd64.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.12+dfsg-4ubuntu0.2_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.12+dfsg-4ubuntu0.2_amd64.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.13+dfsg-1ubuntu0.1_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.13+dfsg-1ubuntu0.2_amd64.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.7_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.4+dfsg1-6.1ubuntu1.7_amd64.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.4_i386.deb | Linux
GNOME XML library (USN-5422-1) libxml2-utils_2.9.10+dfsg-5ubuntu0.20.04.4_amd64.deb | Linux
libxml2 security update (DSA-5142-1) libxml2_2.9.4+dfsg1-7+deb10u4_i386.deb | Linux
libxml2 security update (DSA-5142-1) libxml2_2.9.4+dfsg1-7+deb10u4_amd64.deb | Linux
libxml2 security update (DSA-5142-1) libxml2_2.9.10+dfsg-6.7+deb11u2_amd64.deb | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-32bit-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-debuginfo-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-2-debuginfo-32bit-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-debugsource-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-doc-2.9.4-46.54.3.noarch.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-tools-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) libxml2-tools-debuginfo-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-debuginfo-2.9.4-46.54.3.x86_64.rpm | Linux
SUSE-SU-2022:1833-1 (SUSE Linux Enterprise Server 12-SP5) python-libxml2-debugsource-2.9.4-46.54.3.x86_64.rpm | Linux
Libxml2 update (ELSA-2022-5317) libxml2-2.9.7-13.el8_6.1.i686.rpm | Linux
Libxml2 update (ELSA-2022-5317) libxml2-2.9.7-13.el8_6.1.x86_64.rpm | Linux
Libxml2-devel update (ELSA-2022-5317) libxml2-devel-2.9.7-13.el8_6.1.i686.rpm | Linux
Libxml2-devel update (ELSA-2022-5317) libxml2-devel-2.9.7-13.el8_6.1.x86_64.rpm | Linux
Python3-libxml2 update (ELSA-2022-5317) python3-libxml2-2.9.7-13.el8_6.1.x86_64.rpm | Linux
(RHSA-2022:5317) libxml2 security update libxml2-2.9.7-13.el8_6.1.i686.rpm | Linux
(RHSA-2022:5317) libxml2 security update libxml2-2.9.7-13.el8_6.1.x86_64.rpm | Linux
(RHSA-2022:5317) libxml2 security update libxml2-debugsource-2.9.7-13.el8_6.1.i686.rpm | Linux
(RHSA-2022:5317) libxml2 security update libxml2-debugsource-2.9.7-13.el8_6.1.x86_64.rpm | Linux
(RHSA-2022:5317) libxml2 security update libxml2-devel-2.9.7-13.el8_6.1.i686.rpm | Linux
(RHSA-2022:5317) libxml2 security update libxml2-devel-2.9.7-13.el8_6.1.x86_64.rpm | Linux
(RHSA-2022:5317) libxml2 security update python3-libxml2-2.9.7-13.el8_6.1.x86_64.rpm | Linux
Libxml2 update (ELSA-2022-5250) libxml2-2.9.13-1.el9_0.1.i686.rpm | Linux
Libxml2 update (ELSA-2022-5250) libxml2-2.9.13-1.el9_0.1.x86_64.rpm | Linux
Libxml2-devel update (ELSA-2022-5250) libxml2-devel-2.9.13-1.el9_0.1.i686.rpm | Linux
Libxml2-devel update (ELSA-2022-5250) libxml2-devel-2.9.13-1.el9_0.1.x86_64.rpm | Linux
Python3-libxml2 update (ELSA-2022-5250) python3-libxml2-2.9.13-1.el9_0.1.x86_64.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP4) java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP4) java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP4) java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP4) java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP5) java-1_8_0-ibm-1.8.0_sr8.5-150000.3.74.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP5) java-1_8_0-ibm-alsa-1.8.0_sr8.5-150000.3.74.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP5) java-1_8_0-ibm-devel-1.8.0_sr8.5-150000.3.74.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2491-1 (Legacy Module 15-SP5) java-1_8_0-ibm-plugin-1.8.0_sr8.5-150000.3.74.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-alsa-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-devel-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:4614-1 (SUSE Linux Enterprise Server 12 SP5) java-1_8_0-ibm-plugin-1.8.0_sr8.15-30.117.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) wayland-devel-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-egl1-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-cursor0-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) wayland-debugsource-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) wayland-devel-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-32bit-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-egl1-debuginfo-99~1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-cursor0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-client0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
SUSE-SU-2023:1860-1 (Basesystem Module 15-SP4) libwayland-server0-32bit-debuginfo-1.19.0-150400.3.3.1.x86_64.rpm | Linux
python3 update (TU-CESAS-0015) python3-idm-pki-11.4.2-1.el9.noarch.rpm | Linux
python3 update (TU-CESAS-0015) python3-libxml2-2.9.13-4.el9.x86_64.rpm | Linux
python3 update (TU-CESAS-0015) python3-cryptography-3.2.1-6.el8.x86_64.rpm | Linux
libxml2 Security Update (ALAS2023-2023-096) libxml2-2.10.3-2.amzn2023.0.1.x86_64.rpm | Linux
libxml2 Security Update (ALAS2023-2023-096) libxml2-devel-2.10.3-2.amzn2023.0.1.x86_64.rpm | Linux
libxml2 Security Update (ALAS2023-2023-096) libxml2-static-2.10.3-2.amzn2023.0.1.x86_64.rpm | Linux
libxml2 Security Update (ALAS2023-2023-096) python3-libxml2-2.10.3-2.amzn2023.0.1.x86_64.rpm | Linux

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-347137 | MySQL Workbench CE (x64) (8.0.42)
PATCH-346982 | Nessus Agent (x64) (10.8.4) (Manual Upload Required)
PATCH-346981 | Nessus Agent (10.8.4) (Manual Upload Required)
