CVE-2022-40304

HIGH EXPLOITED

Apple Ipados < 15.7.2 - Double Free

Title source: rule

Description

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.

References (14)

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 28.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2022-12-13

Classification

CWE
CWE-415
Status published

Affected Products (17)

xmlsoft/libxml2 < 2.10.3
netapp/active_iq_unified_manager
netapp/clustered_data_ontap
netapp/clustered_data_ontap_antivirus_connector
netapp/manageability_software_development_kit
netapp/smi-s_provider
netapp/snapmanager
netapp/h300s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
netapp/h410s_firmware
netapp/h410c_firmware
apple/ipados < 15.7.2
apple/iphone_os < 15.7.2
apple/macos < 11.7.2
... and 2 more

Timeline

Published Nov 23, 2022
Tracked Since Feb 18, 2026