CVE-2019-20388
Summary
| CVE | CVE-2019-20388 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-21 23:15:00 UTC |
| Updated | 2023-11-09 14:44:00 UTC |
| Description | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. |
Risk And Classification
Problem Types: CWE-401
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 30 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H300e | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H300e Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H300s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H300s Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H410s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H410s Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H500e | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H500e Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H500s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H500s Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H700e | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H700e Firmware | - | All | All | All |
| Hardware | Netapp | Baseboard Management Controller H700s | - | All | All | All |
| Operating System | Netapp | Baseboard Management Controller H700s Firmware | - | All | All | All |
| Application | Netapp | Cloud Backup | - | All | All | All |
| Application | Netapp | Clustered Data Ontap | - | All | All | All |
| Hardware | Netapp | H300e | - | All | All | All |
| Operating System | Netapp | H300e Firmware | - | All | All | All |
| Hardware | Netapp | H300s | - | All | All | All |
| Operating System | Netapp | H300s Firmware | - | All | All | All |
| Hardware | Netapp | H410s | - | All | All | All |
| Operating System | Netapp | H410s Firmware | - | All | All | All |
| Hardware | Netapp | H500e | - | All | All | All |
| Operating System | Netapp | H500e Firmware | - | All | All | All |
| Hardware | Netapp | H500s | - | All | All | All |
| Operating System | Netapp | H500s Firmware | - | All | All | All |
| Hardware | Netapp | H700e | - | All | All | All |
| Operating System | Netapp | H700e Firmware | - | All | All | All |
| Hardware | Netapp | H700s | - | All | All | All |
| Operating System | Netapp | H700s Firmware | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Netapp | Plug-in For Symantec Netbackup | - | All | All | All |
| Application | Netapp | Smi-s Provider | - | All | All | All |
| Application | Netapp | Snapdrive | - | All | All | All |
| Application | Netapp | Steelstore Cloud Integrated Storage | - | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.4.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.5.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.4.0.0 | All | All | All |
| Application | Oracle | Mysql Workbench | All | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.58 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.3.1.0 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.4.1.0 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.5.1.0 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.10 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.10 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| libxml2: Multiple vulnerabilities (GLSA 202010-04) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] [DLA 2369-1] libxml2 security update | MLIST | lists.debian.org | |
| Oracle Critical Patch Update Advisory - July 2020 | MISC | www.oracle.com | |
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| [security-announce] openSUSE-SU-2020:0681-1: moderate: Security update f | SUSE | lists.opensuse.org | |
| [SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| Fix memory leak in xmlSchemaValidateStream (!68) · Merge Requests · GNOME / libxml2 · GitLab | MISC | gitlab.gnome.org | Patch, Third Party Advisory |
| [SECURITY] Fedora 31 Update: libxml2-2.9.10-3.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-1.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| [SECURITY] Fedora 31 Update: libxml2-2.9.10-3.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| June 2020 Libxml2 Vulnerabilities in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| [SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-1.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 198409 Ubuntu Security Notification for libxml2 vulnerabilities (USN-4991-1)
- 296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
- 376204 Mysql Workbench Critical Patch Update Oct 2021
- 377365 Alibaba Cloud Linux Security Update for libxml2 (ALINUX3-SA-2022:0018)
- 377454 Alibaba Cloud Linux Security Update for libxml2 (ALINUX2-SA-2020:0149)
- 500340 Alpine Linux Security Update for libxml2
- 504104 Alpine Linux Security Update for libxml2
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 690499 Free Berkeley Software Distribution (FreeBSD) Security Update for libxml (f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9)
- 730031 IBM MQ Appliance Multiple Vulnerabilities(6403297)
- 770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
- 900125 CBL-Mariner Linux Security Update for libxml2 2.9.10
- 903107 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (1831)
- 940076 AlmaLinux Security Update for libxml2 (ALSA-2020:4479)