CVE-2020-7595Infinite Loop in Libxml2

CWE-835Infinite LoopCWE-348Use of Less Trusted Source16 documents10 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
Xmlsoft Libxml2Siemens Sinema Remote Connect ServerNokogiri+9 more
Timeline
PublishedJan 21
Latest updateJan 14

Description

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

Debianxmlsoft/libxml2< 2.9.10+dfsg-2.1+3
Ubuntuxmlsoft/libxml2< 2.9.3+dfsg1-1ubuntu0.7+2
NVDxmlsoft/libxml22.9.10
RubyGemsnokogiri/nokogiri< 1.10.8

Also affects: Debian Linux 9.0, Fedora 30, 31, 32, Ubuntu Linux 12.04, 14.04, 16.04, 18.04, 19.10

Patches

Patch: gitlab.gnome.orgPatch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

5
GHSA
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation2020-02-24
OSV
libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation2020-02-24
OSV
libxml2 vulnerabilities2020-02-10
CVEList
CVE-2020-7595: xmlStringLenDecodeEntities in parser2020-01-21
OSV
CVE-2020-7595: xmlStringLenDecodeEntities in parser2020-01-21

📋Vendor Advisories

6
Red Hat
networkmanager: GRE & GRE6 protocol excessive trust2025-01-14
Oracle
Oracle Oracle Enterprise Manager Risk Matrix: APM Mesh (libxml2) — CVE-2020-75952020-07-15
Ubuntu
libxml2 vulnerabilities2020-02-10
Red Hat
libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations2020-01-21
Microsoft
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.2020-01-14

💬Community

4
Bugzilla
CVE-2020-7595 mingw-libxml2: libxml2: infinite loop in a certain end-of-file situation [epel-7]2020-02-06
Bugzilla
CVE-2020-7595 mingw-libxml2: libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations [fedora-all]2020-02-06
Bugzilla
CVE-2020-7595 libxml2: infinite loop in a certain end-of-file situation [fedora-all]2020-02-06
Bugzilla
CVE-2020-7595 libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations2020-02-06
CVE-2020-7595 — Infinite Loop in Xmlsoft Libxml2 | cvebase