CVE-2020-24977

Опубликовано: 04 сент. 2020

Источник: debian

EPSS Низкий

Описание

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
libxml2	fixed	2.9.10+dfsg-6.2		package
libxml2	fixed	2.9.4+dfsg1-7+deb10u2	buster	package

Примечания

https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
The issue is specific and restricted to xmllint:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178#note_892545
and present before the 0b19f236a263 ("Fixed ICU to set flush correctly and
provide pivot buffer.") commit itself.
Crash in CLI tool, no security impact

EPSS

Процентиль: 65%

0.00502

Низкий

Связанные уязвимости

CVE-2020-24977

CVSS3: 6.5

ubuntu

больше 5 лет назад

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

CVE-2020-24977

CVSS3: 6.5

redhat

больше 5 лет назад

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

CVE-2020-24977

CVSS3: 6.5

nvd

больше 5 лет назад

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

CVE-2020-24977

CVSS3: 6.5

msrc

больше 5 лет назад

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

openSUSE-SU-2020:1465-1

suse-cvrf

больше 5 лет назад

Security update for libxml2

EPSS

Процентиль: 65%

0.00502

Низкий