First published: Tue Jan 21 2020
GNOME libxml2 is vulnerable to a denial of service, caused by an error in xmlStringLenDecodeEntities in parser.c. An attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el6 | 0:7.64.1-36.jbcs.el6 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el6 | 0:2.4.37-57.jbcs.el6 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el6 | 0:1.39.2-25.jbcs.el6 |
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el7 | 0:7.64.1-36.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el7 | 0:2.4.37-57.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el7 | 0:1.39.2-25.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-7.jbcs.el7 | 0:0.4.10-7.jbcs.el7 |
redhat/libxml2 | <0:2.9.1-6.el7.5 | 0:2.9.1-6.el7.5 |
redhat/libxml2 | <0:2.9.7-8.el8 | 0:2.9.7-8.el8 |
Xmlsoft Libxml2 | =2.9.10 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Debian Debian Linux | =9.0 | |
Siemens SINEMA Remote Connect Server | <3.0 | |
NetApp Clustered Data ONTAP | | |
Netapp Smi-s Provider | | |
Netapp Snapdrive Windows | | |
Netapp Steelstore Cloud Integrated Storage | | |
Netapp Symantec Netbackup | | |
Netapp H300s Firmware | | |
Netapp H300s | | |
Netapp H500s Firmware | | |
Netapp H500s | | |
Netapp H700s Firmware | | |
Netapp H700s | | |
Netapp H300e Firmware | | |
Netapp H300e | | |
Netapp H500e Firmware | | |
Netapp H500e | | |
Netapp H700e Firmware | | |
Netapp H700e | | |
Netapp H410s Firmware | | |
Netapp H410s | | |
Netapp H410c Firmware | | |
Netapp H410c | | |
Oracle Real User Experience Insight | =13.3.1.0 | |
Oracle Communications Cloud Native Core Network Function Cloud Native Environment | =1.10.0 | |
Oracle Enterprise Manager Base Platform | =13.4.0.0 | |
Oracle Enterprise Manager Base Platform | =13.5.0.0 | |
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle Mysql Workbench | <=8.0.26 | |
Oracle PeopleSoft Enterprise PeopleTools | =8.58 | |
Oracle Real User Experience Insight | =13.4.1.0 | |
Oracle Real User Experience Insight | =13.5.1.0 | |
IBM Security Guardium | <=10.5 | |
IBM Security Guardium | <=10.6 | |
IBM Security Guardium | <=11.0 | |
IBM Security Guardium | <=11.1 | |
IBM Security Guardium | <=11.2 | |
IBM Security Guardium | <=11.3 | |
Siemens SINEMA Remote Connect Server | <3.0 | 3.0 |
debian/libxml2 | 2.9.10+dfsg-6.7+deb11u4 2.9.10+dfsg-6.7+deb11u5 2.9.14+dfsg-1.3~deb12u1 2.9.14+dfsg-1.3 2.12.7+dfsg-3 |
The severity of CVE-2020-7595 is high.
The affected software version of CVE-2020-7595 is libxml2 2.9.10.
CVE-2020-7595 causes an infinite loop in a certain end-of-file situation in libxml2 2.9.10.
The recommended remedy for CVE-2020-7595 is to update to version 2.9.1-6.el7.5 or 2.9.7-8.el8 of libxml2.
References for CVE-2020-7595: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076, https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1799787 and https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1799789.