CVE-2020-7595

Опубликовано: 21 янв. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
Broken Link
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
https://security.gentoo.org/glsa/202010-04
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200702-0005/
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
Third Party Advisory
US Government Resource
https://usn.ubuntu.com/4274-1/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Patch
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
Broken Link
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:xmlsoft:libxml2:2.9.10:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*

Конфигурация 4

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 5

cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*

Версия до 3.0 (исключая)

Конфигурация 6

Одно из

cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*

cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:symantec_netbackup:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Конфигурация 15

cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*

Конфигурация 16

Одно из

cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*

Версия до 8.0.26 (включая)

cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00466

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835

Связанные уязвимости

CVE-2020-7595

CVSS3: 7.5

ubuntu

около 6 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595

CVSS3: 7.5

redhat

около 6 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595

CVSS3: 7.5

msrc

больше 5 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-7595

CVSS3: 7.5

debian

около 6 лет назад

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...

GHSA-7553-jr98-vx47

CVSS3: 7.5

github

почти 6 лет назад

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

EPSS

Процентиль: 64%

0.00466

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-835