製品・ソフトウェアに関する情報
Vulnerability Search
libxml2 における整数オーバーフローの脆弱性
Title libxml2 における整数オーバーフローの脆弱性
Summary

libxml2 には、整数オーバーフローの脆弱性が存在します。

Possible impacts サービス運用妨害 (DoS) 状態にされる可能性があります。 
Solution

ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。

Publication Date May 2, 2022, midnight
Registration Date Aug. 14, 2023, 11:03 a.m.
Last Update May 15, 2025, 5:16 p.m.
CVSS3.0 : 警告
Score 6.5
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS2.0 : 警告
Score 4.3
Vector AV:N/AC:M/Au:N/C:N/I:N/A:P
Affected System
オラクル
ZFS Storage Appliance Kit 
日立
Job Management Partner 1/IT Desktop Management - Manager 
Job Management Partner 1/IT Desktop Management 2 - Manager 
JP1/IT Desktop Management - Manager 
JP1/IT Desktop Management 2 - Manager 
JP1/IT Desktop Management 2 - Operations Director 
Debian
Debian GNU/Linux 
Fedora Project
Fedora 
xmlsoft.org
libxml2 2.9.14 未満
NetApp
Active IQ Unified Manager 
Clustered Data ONTAP Antivirus Connector 
Mnageability Software Development Kit 
NetApp SMI-S Provider 
ONTAP (旧 Clustered Data ONTAP) 
ONTAP Select Deploy administration utility 
CVE (情報セキュリティ 共通脆弱性識別子)
CWE (共通脆弱性タイプ一覧)
ベンダー情報
Change Log
No Changed Details Date of change
1 [2023年08月14日]
  掲載		 Aug. 14, 2023, 11:03 a.m.
2 [2025年05月15日]
  影響を受けるシステム:ベンダ情報の追加に伴い内容を更新
  ベンダ情報:日立 (hitachi-sec-2025-122) を追加		 May 15, 2025, 1:36 p.m.
NVD Vulnerability Information
CVE-2022-29824
Summary

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

Publication Date May 3, 2022, 12:15 p.m.
Registration Date May 3, 2022, 4 p.m.
Last Update Nov. 21, 2024, 3:59 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* 2.9.14
cpe:2.3:a:xmlsoft:libxslt:*:*:*:*:*:*:*:* 1.1.35
Configuration2 or higher or less more than less than
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
Configuration5 or higher or less more than less than
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
Configuration8 or higher or less more than less than
cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
Configuration10 or higher or less more than less than
cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*
execution environment
1 cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*
Related information, measures and tools
Common Vulnerabilities List