CVE-2020-24977: GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in…

medium6.5CVSS 3.1

AVNACLPRNUINSUCLINAL

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Affected

30 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	libxml2	< libxml2 2.9.10+dfsg-6.2 (bookworm)	libxml2 2.9.10+dfsg-6.2 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
msrc	cm1_libxml2_2.9.10-3_on_cbl_mariner_1.0	—	—
netapp	active_iq_unified_manager	>= 7.3	—
netapp	active_iq_unified_manager	>= 9.5	—
nokogiri	nokogiri	>= 0 < 1.11.4	1.11.4
opensuse	leap	—	—
opensuse	leap	—	—
oracle	communications_cloud_native_core_network_function_cloud_native_environment	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	enterprise_manager_base_platform	—	—
oracle	enterprise_manager_ops_center	—	—
oracle	http_server	—	—
oracle	http_server	—	—
oracle	mysql_workbench	<= 8.0.26	—
oracle	peoplesoft_enterprise_peopletools	—	—
oracle	real_user_experience_insight	—	—
oracle	real_user_experience_insight	—	—
xmlsoft	libxml2	—	—
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.2	2.9.10+dfsg-6.2
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.2	2.9.10+dfsg-6.2
xmlsoft	libxml2	>= 0 < 2.9.10+dfsg-6.2	2.9.10+dfsg-6.2

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

ghsa7.5HIGH

osv9.1CRITICAL