CVE-2020-7595
published 2020-01-21CVE-2020-7595: xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.10+dfsg-2.1 (bookworm) | libxml2 2.9.10+dfsg-2.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_libxml2_2.9.10-2_on_cbl_mariner_1.0 | — | — |
| nokogiri | nokogiri | >= 0 < 1.10.8 | 1.10.8 |
| nokogiri | nokogiri | >= 0 < 1.11.4 | 1.11.4 |
| oracle | communications_cloud_native_core_network_function_cloud_native_environment | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | enterprise_manager_base_platform | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | mysql_workbench | <= 8.0.26 | — |
| oracle | peoplesoft_enterprise_peopletools | — | — |
| oracle | real_user_experience_insight | — | — |
| oracle | real_user_experience_insight | — | — |
| oracle | real_user_experience_insight | — | — |
| siemens | sinema_remote_connect_server | < 3.0 | 3.0 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa7.5HIGH
osv7.5HIGH