{
  "threat_severity" : "Moderate",
  "public_date" : "2022-05-03T00:00:00Z",
  "bugzilla" : {
    "description" : "libxml2: integer overflows in xmlBuf and xmlBuffer lead to out-of-bounds write",
    "id" : "2082158",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2082158"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-787",
  "details" : [ "In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.", "A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the xmlBuffer types. A substantial input causes values to calculate buffer sizes to overflow, resulting in an out-of-bounds write." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-06-30T00:00:00Z",
    "advisory" : "RHSA-2022:5317",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libxml2-0:2.9.7-13.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2022-06-30T00:00:00Z",
    "advisory" : "RHSA-2022:5317",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libxml2-0:2.9.7-13.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-07-01T00:00:00Z",
    "advisory" : "RHSA-2022:5250",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "libxml2-0:2.9.13-1.el9_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-07-01T00:00:00Z",
    "advisory" : "RHSA-2022:5250",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "libxml2-0:2.9.13-1.el9_0.1"
  }, {
    "product_name" : "Text-Only JBCS",
    "release_date" : "2022-12-08T00:00:00Z",
    "advisory" : "RHSA-2022:8841",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1",
    "package" : "libxml2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-29824\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-29824" ],
  "name" : "CVE-2022-29824",
  "mitigation" : {
    "value" : "Avoid passing large inputs to the libxml2 library.",
    "lang" : "en:us"
  },
  "csaw" : false
}