First published: Tue Jan 21 2020
GNOME libxml2 could allow a remote attacker to obtain sensitive information, caused by an xmlSchemaValidateStream memory leak in xmlSchemaPreRun in xmlschemas.c. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el6 | 0:7.64.1-36.jbcs.el6 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el6 | 0:2.4.37-57.jbcs.el6 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el6 | 0:1.39.2-25.jbcs.el6 |
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el7 | 0:7.64.1-36.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el7 | 0:2.4.37-57.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el7 | 0:1.39.2-25.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-7.jbcs.el7 | 0:0.4.10-7.jbcs.el7 |
redhat/libxml2 | <0:2.9.1-6.el7.5 | 0:2.9.1-6.el7.5 |
redhat/libxml2 | <0:2.9.7-8.el8 | 0:2.9.7-8.el8 |
Xmlsoft Libxml2 | =2.9.10 | |
Debian Debian Linux | =9.0 | |
Netapp Cloud Backup | | |
NetApp Clustered Data ONTAP | | |
NetApp ONTAP Select Deploy administration utility | | |
Netapp Plug-in For Symantec Netbackup | | |
Netapp Smi-s Provider | | |
Netapp Snapdrive Windows | | |
Netapp Steelstore Cloud Integrated Storage | | |
Netapp Baseboard Management Controller H300s Firmware | | |
Netapp Baseboard Management Controller H300s | | |
Netapp Baseboard Management Controller H500s Firmware | | |
Netapp Baseboard Management Controller H500s | | |
Netapp Baseboard Management Controller H700s Firmware | | |
Netapp Baseboard Management Controller H700s | | |
Netapp Baseboard Management Controller H300e Firmware | | |
Netapp Baseboard Management Controller H300e | | |
Netapp Baseboard Management Controller H500e Firmware | | |
Netapp Baseboard Management Controller H500e | | |
Netapp Baseboard Management Controller H700e Firmware | | |
Netapp Baseboard Management Controller H700e | | |
Netapp Baseboard Management Controller H410s Firmware | | |
Netapp Baseboard Management Controller H410s | | |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle Enterprise Manager Base Platform | =13.5.0.0 | |
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle Mysql Workbench | <=8.0.26 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle Real User Experience Insight | =13.3.1.0 | |
Oracle Real User Experience Insight | =13.4.1.0 | |
Oracle Real User Experience Insight | =13.5.1.0 | |
openSUSE Leap | =15.1 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Netapp H300s Firmware | | |
Netapp H300s | | |
Netapp H500s Firmware | | |
Netapp H500s | | |
Netapp H700s Firmware | | |
Netapp H700s | | |
Netapp H300e Firmware | | |
Netapp H300e | | |
Netapp H500e Firmware | | |
Netapp H500e | | |
Netapp H700e Firmware | | |
Netapp H700e | | |
Netapp H410s Firmware | | |
Netapp H410s | | |
<=10.5 | ||
<=10.6 | ||
<=11.0 | ||
<=11.1 | ||
<=11.2 | ||
<=11.3 |
The vulnerability ID is CVE-2019-20388.
The title of this vulnerability is 'xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.'
The severity of CVE-2019-20388 is high, with a severity value of 7.
The vulnerability allows for a memory leak in the xmlSchemaValidateStream function of libxml2, which can lead to a denial of service and impact system availability.
The affected software includes 'jbcs-httpd24-curl', 'jbcs-httpd24-httpd', 'jbcs-httpd24-nghttp2', 'jbcs-httpd24-openssl-pkcs11', 'libxml2', and their specific versions on different platforms.
The Common Weakness Enumeration (CWE) ID of CVE-2019-20388 is CWE-401.