Published: 05/07/2022 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 446

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

NULL Pointer Dereference allows malicious users to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 up to and including 2.9.14. libxml2 2.9.9 and previous versions are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

Vulnerable Product	Search on Vulmon	Subscribe to Product
lxml lxml
fedoraproject fedora 36
fedoraproject fedora 37

Debian Bug report logs - #1014766 lxml: CVE-2022-2309 Package: src:lxml; Maintainer for src:lxml is Matthias Klose <doko@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 11 Jul 2022 18:00:01 UTC Severity: important Tags: security, upstream Reply or subscribe to this bug Toggle useless m ...

Several security issues were fixed in libxml2 ...

Synopsis Moderate: python-lxml security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python-lxml is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as hav ...

Synopsis Important: OpenShift Container Platform 4132 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 4132 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift C ...

Synopsis Important: Red Hat OpenShift Data Foundation 4130 security and bug fix update Type/Severity Security Advisory: Important Topic Updated images that include numerous enhancements, security, and bug fixes are now available in Red Hat Container Registry for Red Hat OpenShift Data Foundation 4130 on Red Hat Enterprise Linux 9Red Hat ...

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash) This only applies when lxml is used together with libxml2 2910 through 2914 libxml2 299 and earlier are not affected It allows triggering crashes through forged input data, given a vulnerable code sequence in the application The vulnerability is ...

CWE-476 https://huntr.dev/bounties/8264e74f-edda-4c40-9956-49de635105ba https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f https://security.gentoo.org/glsa/202208-06 https://security.netapp.com/advisory/ntap-20220915-0006/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/URHHSIBTPTALXMECRLAC2EVDNAFSR5NO/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HGYC6L7ENH5VEGN3YWFBYMGKX6WNS7HZ/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014766 https://ubuntu.com/security/notices/USN-5760-1 https://nvd.nist.gov

CVE-2022-2309

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect