exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 13 of 13 RSS Feed

CVE-2022-2309

Status Candidate

Overview

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

Related Files

Gentoo Linux Security Advisory 202310-21
Posted Oct 31, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202310-21 - Multiple vulnerabilities have been discovered in ConnMan, the worst of which can lead to remote code execution. Versions greater than or equal to 1.42_pre20220801 are affected.

tags | advisory, remote, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2022-23096, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293
SHA-256 | 9dfeb85d57972f2d70c4a0a5a86743f9d6690016bc7d1b9c3627a49632e39815
Ubuntu Security Notice USN-6236-1
Posted Jul 19, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-26675, CVE-2021-26676, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293, CVE-2023-28488
SHA-256 | f3894c0008a42ac92888785f910724c4ae5b50e31e7b89bdf6b252564b1bdb6f
Ubuntu Security Notice USN-6028-2
Posted Jun 7, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6028-2 - USN-6028-1 fixed vulnerabilities in libxml2. This update provides the corresponding updates for Ubuntu 23.04. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-2309, CVE-2023-28484, CVE-2023-29469
SHA-256 | e936bfd38b8205cb07c32f3057dc5f6150b5dd58c2eeaad2df97c67b652a1946
Ubuntu Security Notice USN-5760-1
Posted Dec 5, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5760-1 - It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information or cause a crash. It was discovered that libxml2 incorrectly handled certain XML files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2022-2309, CVE-2022-40303, CVE-2022-40304
SHA-256 | 9fc112e80e0f3a354a493ad1a7397d6f1e017ae3dfe5deff8d20544d252e644b
Red Hat Security Advisory 2022-8226-01
Posted Nov 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8226-01 - lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Issues addressed include a null pointer vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2022-2309
SHA-256 | c7a7d8016e3f6e1bbea20fd6fe23d693073c38fd02b640fad0cb11e1c2e5708e
Debian Security Advisory 5231-1
Posted Sep 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5231-1 - Several vulnerabilities were discovered in ConnMan, a network manager for embedded devices, which could result in denial of service or the execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2022-23096, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293
SHA-256 | ce4def7ac6b137a13c8cf721dd5db4140415515ed52baee6a0d76baf78234bf0
FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation
Posted Aug 18, 2022
Authored by Chris J-D | Site accessvector.net

FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.

tags | exploit, paper, kernel, local
systems | freebsd, bsd
advisories | CVE-2022-23090
SHA-256 | 326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
Gentoo Linux Security Advisory 202208-06
Posted Aug 10, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-6 - Multiple vulnerabilities have been discovered in lxml, the worst of which could result in denial of service. Versions less than 4.9.1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-28957, CVE-2021-43818, CVE-2022-2309
SHA-256 | 6d9496250c6b1be096da8fdfc2ddf483123bdd7eda3323ea9efa66b39b901e0a
Open-Xchange App Suite 7.10.x Cross Site Scripting / Command Injection
Posted Jul 22, 2022
Authored by Martin Heiland

Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.

tags | advisory, vulnerability, xss
advisories | CVE-2021-42550, CVE-2022-23099, CVE-2022-23100, CVE-2022-23101, CVE-2022-24405, CVE-2022-24406
SHA-256 | 145c2f74cfe9370dfbec4b0f72f06c5a67138afef07940be7a7e97d9a4b1f072
Red Hat Security Advisory 2022-0492-01
Posted Feb 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0492-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.43.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20206, CVE-2021-3521, CVE-2021-4034, CVE-2022-20612, CVE-2022-20617, CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-23094
SHA-256 | 05aecb754e5832077aaa2ae3980ca42cf63ce1fddf63c16a0324164d48232f01
Debian Security Advisory 5048-1
Posted Jan 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5048-1 - It was discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 packet, resulting in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2022-23094
SHA-256 | 49b5b11108f21bf2ed5a8aae985a66461fe0fcad63e28569d5fec535337acfb8
Red Hat Security Advisory 2022-0239-02
Posted Jan 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0239-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-23094
SHA-256 | d81868a5e2e71fa5b6b2567857ad51ea634e921cda98438f96161984eb39b2c8
Red Hat Security Advisory 2022-0199-02
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0199-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-23094
SHA-256 | cba116a8ccd05fea01368a369b31a845a85169c45f170a62a3ca4d23bfd14890
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close