CVE-2020-24977
Severity
6.5MEDIUM
EPSS
0.5%
top 33.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 4
Latest updateOct 15
Description
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LExploitability: 3.9 | Impact: 2.5
Affected Packages12 packages
Also affects: Fedora 31, 32, 33, Debian Linux 9.0
Patches
🔴Vulnerability Details
5📋Vendor Advisories
6Oracle
▶
Oracle
▶
Microsoft▶
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.↗2020-09-08
Red Hat
▶