Vulnerability Description
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xmlsoft | Libxml2 | 2.9.10 |
| Debian | Debian Linux | 9.0 |
| Fedoraproject | Fedora | 31 |
| Opensuse | Leap | 15.1 |
| Netapp | Active Iq Unified Manager | >= 7.3 |
| Netapp | Clustered Data Ontap | - |
| Netapp | Clustered Data Ontap Antivirus Connector | - |
| Netapp | Inventory Collect Tool | - |
| Netapp | Manageability Software Development Kit | - |
| Netapp | Snapdrive | - |
| Netapp | Hci H410C Firmware | - |
| Netapp | Hci H410C | - |
| Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 |
| Oracle | Enterprise Manager Base Platform | 13.4.0.0 |
| Oracle | Enterprise Manager Ops Center | 12.4.0.0 |
| Oracle | Http Server | 12.2.1.3.0 |
| Oracle | Mysql Workbench | <= 8.0.26 |
| Oracle | Peoplesoft Enterprise Peopletools | 8.58 |
| Oracle | Real User Experience Insight | 13.4.1.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.htmlMailing ListThird Party Advisory
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05aPatchVendor Advisory
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/178ExploitIssue TrackingPatch
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430
- https://lists.debian.org/debian-lts-announce/2020/09/msg00009.htmlThird Party Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2020-24977?
CVE-2020-24977 is a vulnerability with a CVSS score of 6.5 (MEDIUM). GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
How severe is CVE-2020-24977?
CVE-2020-24977 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24977?
Check the references section above for vendor advisories and patch information. Affected products include: Xmlsoft Libxml2, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap, Netapp Active Iq Unified Manager.