CVE-2019-20388

HIGH

Xmlsoft Libxml2 < 8.0.26 - Memory Leak

Title source: rule

Description

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

References (12)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

[Patch, Third Party Advisory] https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

[Third Party Advisory] https://security.gentoo.org/glsa/202010-04

[Third Party Advisory] https://security.netapp.com/advisory/ntap-20200702-0005/

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuapr2022.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpujul2020.html

[Vendor Advisory] https://www.oracle.com/security-alerts/cpujul2022.html

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuoct2021.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

Scores

CVSS v3 7.5

EPSS 0.0056

EPSS Percentile 68.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (29)

xmlsoft/libxml2

debian/debian_linux

netapp/cloud_backup

netapp/clustered_data_ontap

netapp/ontap_select_deploy_administration_utility

netapp/plug-in_for_symantec_netbackup

netapp/smi-s_provider

netapp/snapdrive

netapp/steelstore_cloud_integrated_storage

netapp/h300s_firmware

netapp/h500s_firmware

netapp/h700s_firmware

netapp/h300e_firmware

netapp/h500e_firmware

netapp/h700e_firmware

... and 14 more

Timeline

Published Jan 21, 2020

Tracked Since Feb 18, 2026