CVE-2020-7595 — Infinite Loop in Libxml2

CWE-835 — Infinite Loop CWE-348 — Use of Less Trusted Source16 documents10 sources

Severity

7.5HIGHNVD

EPSS

0.5%

top 35.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Siemens Sinema Remote Connect Server Nokogiri +9 more

Timeline

PublishedJan 21

Latest updateJan 14

Description

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

▶Debianxmlsoft/libxml2< 2.9.10+dfsg-2.1+3

▶Ubuntuxmlsoft/libxml2< 2.9.3+dfsg1-1ubuntu0.7+2

▶NVDxmlsoft/libxml22.9.10

▶RubyGemsnokogiri/nokogiri< 1.10.8

▶NVDsiemens/sinema_remote_connect_server< 3.0

Also affects: Debian Linux 9.0, Fedora 30, 31, 32, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10

Patches

Patch: gitlab.gnome.org ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation↗2020-02-24

▶

OSV

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation↗2020-02-24

▶

OSV

libxml2 vulnerabilities↗2020-02-10

▶

CVEList

CVE-2020-7595: xmlStringLenDecodeEntities in parser↗2020-01-21

▶

OSV

CVE-2020-7595: xmlStringLenDecodeEntities in parser↗2020-01-21

▶

📋Vendor Advisories

Red Hat

networkmanager: GRE & GRE6 protocol excessive trust↗2025-01-14

▶

Oracle

Oracle Oracle Enterprise Manager Risk Matrix: APM Mesh (libxml2) — CVE-2020-7595↗2020-07-15

▶

Ubuntu

libxml2 vulnerabilities↗2020-02-10

▶

Red Hat

libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations↗2020-01-21

▶

Microsoft

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.↗2020-01-14

▶

💬Community

Bugzilla

CVE-2020-7595 mingw-libxml2: libxml2: infinite loop in a certain end-of-file situation [epel-7]↗2020-02-06

▶

Bugzilla

CVE-2020-7595 mingw-libxml2: libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations [fedora-all]↗2020-02-06

▶

Bugzilla

CVE-2020-7595 libxml2: infinite loop in a certain end-of-file situation [fedora-all]↗2020-02-06

▶

Bugzilla

CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations↗2020-02-06

▶