ID CVE-2019-20388
Summary xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
References
Vulnerable Configurations
  • cpe:2.3:a:xmlsoft:libxml2:2.9.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*
  • cpe:2.3:a:netapp:plug-in_for_symantec_netbackup:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:baseboard_management_controller_h300s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:baseboard_management_controller_h300s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:baseboard_management_controller_h500s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:baseboard_management_controller_h500s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:baseboard_management_controller_h700s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:baseboard_management_controller_h700s:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:baseboard_management_controller_h300e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:baseboard_management_controller_h300e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:baseboard_management_controller_h500e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:baseboard_management_controller_h500e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:baseboard_management_controller_h700e_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:baseboard_management_controller_h700e:-:*:*:*:*:*:*:*
  • cpe:2.3:o:netapp:baseboard_management_controller_h410s_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:netapp:baseboard_management_controller_h410s:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:-:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:5.2.47:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:6.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.19:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.20:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.21:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.22:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.23:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.24:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.25:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:mysql_workbench:8.0.26:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-07-2022 - 18:15)
Impact:
Exploitability:
CWE CWE-401
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7
  • libxml2-0:2.9.1-6.el7.5
  • libxml2-debuginfo-0:2.9.1-6.el7.5
  • libxml2-devel-0:2.9.1-6.el7.5
  • libxml2-python-0:2.9.1-6.el7.5
  • libxml2-static-0:2.9.1-6.el7.5
  • libxml2-0:2.9.7-8.el8
  • libxml2-debuginfo-0:2.9.7-8.el8
  • libxml2-debugsource-0:2.9.7-8.el8
  • libxml2-devel-0:2.9.7-8.el8
  • python3-libxml2-0:2.9.7-8.el8
  • python3-libxml2-debuginfo-0:2.9.7-8.el8
refmap via4
confirm https://security.netapp.com/advisory/ntap-20200702-0005/
fedora
  • FEDORA-2020-0c71c00af4
  • FEDORA-2020-41fe1680f6
  • FEDORA-2020-7694e8be73
gentoo GLSA-202010-04
misc
mlist [debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update
suse openSUSE-SU-2020:0681
Last major update 25-07-2022 - 18:15
Published 21-01-2020 - 23:15
Last modified 25-07-2022 - 18:15