CVE-2019-20388
published 2020-01-21CVE-2019-20388: xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.10+dfsg-2.1 (bookworm) | libxml2 2.9.10+dfsg-2.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_libxml2_2.9.10-2_on_cbl_mariner_1.0 | — | — |
| nokogiri | nokogiri | >= 0 < 1.11.4 | 1.11.4 |
| opensuse | leap | — | — |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | mysql_workbench | <= 8.0.26 | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | real_user_experience_insight | — | — |
| oracle | real_user_experience_insight | — | — |
| oracle | real_user_experience_insight | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2.1 | 2.9.10+dfsg-2.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2.1 | 2.9.10+dfsg-2.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2.1 | 2.9.10+dfsg-2.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.10+dfsg-2.1 | 2.9.10+dfsg-2.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-6.1ubuntu1.4 | 2.9.4+dfsg1-6.1ubuntu1.4 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv9.1CRITICAL