CVE-2020-24977
Summary
| CVE | CVE-2020-24977 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-04 00:15:00 UTC |
| Updated | 2023-11-07 03:20:00 UTC |
| Description | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Operating System | Fedoraproject | Fedora | 31 | All | All | All |
| Operating System | Fedoraproject | Fedora | 32 | All | All | All |
| Operating System | Fedoraproject | Fedora | 33 | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Active Iq Unified Manager | All | All | All | All |
| Application | Netapp | Clustered Data Ontap | - | All | All | All |
| Application | Netapp | Clustered Data Ontap | - | All | All | All |
| Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All |
| Application | Netapp | Clustered Data Ontap Antivirus Connector | - | All | All | All |
| Hardware | Netapp | Hci H410c | - | All | All | All |
| Hardware | Netapp | Hci H410c | - | All | All | All |
| Operating System | Netapp | Hci H410c Firmware | - | All | All | All |
| Operating System | Netapp | Hci H410c Firmware | - | All | All | All |
| Application | Netapp | Inventory Collect Tool | - | All | All | All |
| Application | Netapp | Inventory Collect Tool | - | All | All | All |
| Application | Netapp | Manageability Software Development Kit | - | All | All | All |
| Application | Netapp | Manageability Software Development Kit | - | All | All | All |
| Application | Netapp | Snapdrive | - | All | All | All |
| Application | Netapp | Snapdrive | - | All | All | All |
| Application | Netapp | Snapdrive | - | All | All | All |
| Application | Netapp | Snapdrive | - | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Operating System | Opensuse | Leap | 15.1 | All | All | All |
| Operating System | Opensuse | Leap | 15.2 | All | All | All |
| Application | Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.10.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.4.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Base Platform | 13.5.0.0 | All | All | All |
| Application | Oracle | Enterprise Manager Ops Center | 12.4.0.0 | All | All | All |
| Application | Oracle | Http Server | 12.2.1.3.0 | All | All | All |
| Application | Oracle | Http Server | 12.2.1.4.0 | All | All | All |
| Application | Oracle | Mysql Workbench | All | All | All | All |
| Application | Oracle | Peoplesoft Enterprise Peopletools | 8.58 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.4.1.0 | All | All | All |
| Application | Oracle | Real User Experience Insight | 13.5.1.0 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.10 | All | All | All |
| Application | Xmlsoft | Libxml2 | 2.9.10 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] [DLA 2369-1] libxml2 security update | MLIST | lists.debian.org | Third Party Advisory |
| xmllint: global-buffer-overflow in xmlEncodeEntitiesInternal (#178) · Issues · GNOME / libxml2 · GitLab | MISC | gitlab.gnome.org | Exploit, Patch, Vendor Advisory |
| [SECURITY] Fedora 33 Update: mingw-libxml2-2.9.10-8.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Fix out-of-bounds read with 'xmllint --htmlout' (50f06b3e) · Commits · GNOME / libxml2 · GitLab | MISC | gitlab.gnome.org | Patch, Vendor Advisory |
| [SECURITY] Fedora 33 Update: mingw-libxml2-2.9.10-3.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-8.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 31 Update: mingw-libxml2-2.9.10-3.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-8.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| Oracle Critical Patch Update Advisory - April 2022 | MISC | www.oracle.com | |
| [SECURITY] Fedora 31 Update: libxml2-2.9.10-4.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Pony Mail! | MLIST | lists.apache.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 33 Update: mingw-libxml2-2.9.10-3.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [security-announce] openSUSE-SU-2020:1465-1: moderate: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 33 Update: libxml2-2.9.10-7.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 33 Update: libxml2-2.9.10-8.fc33 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| Oracle Critical Patch Update Advisory - October 2021 | MISC | www.oracle.com | |
| [SECURITY] Fedora 33 Update: libxml2-2.9.10-7.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| libxml2: Multiple vulnerabilities (GLSA 202107-05) — Gentoo security | GENTOO | security.gentoo.org | |
| [SECURITY] Fedora 32 Update: libxml2-2.9.10-8.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-3.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 31 Update: mingw-libxml2-2.9.10-3.fc31 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 31 Update: libxml2-2.9.10-4.fc31 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: libxml2-2.9.10-8.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 33 Update: libxml2-2.9.10-8.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-3.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: libxml2-2.9.10-7.fc32 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [SECURITY] Fedora 32 Update: libxml2-2.9.10-7.fc32 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | Third Party Advisory |
| [SECURITY] Fedora 33 Update: mingw-libxml2-2.9.10-8.fc33 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| [security-announce] openSUSE-SU-2020:1430-1: moderate: Security update f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| [mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar | lists.apache.org | ||
| Oracle Critical Patch Update Advisory - July 2022 | N/A | www.oracle.com | |
| CVE-2020-24977 Libxml2 Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 159191 Oracle Enterprise Linux Security Update for libxml2 (ELSA-2021-1597)
- 198409 Ubuntu Security Notification for libxml2 vulnerabilities (USN-4991-1)
- 239333 Red Hat Update for libxml2 (RHSA-2021:1597)
- 296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
- 352392 Amazon Linux Security Advisory for libxml2: ALAS2-2021-1662
- 354929 Amazon Linux Security Advisory for libxml2 : ALAS-2023-1743
- 376204 Mysql Workbench Critical Patch Update Oct 2021
- 376550 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities (CPUAPR2022)
- 377365 Alibaba Cloud Linux Security Update for libxml2 (ALINUX3-SA-2022:0018)
- 377648 Oracle Hypertext Transfer Protocol Server (HTTP Server) Multiple Vulnerabilities(CPUOCT2022)
- 500341 Alpine Linux Security Update for libxml2
- 504105 Alpine Linux Security Update for libxml2
- 591018 Hitachi Energy RTU500 series Multiple Vulnerabilities (ICSA-21-336-08)
- 591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
- 690499 Free Berkeley Software Distribution (FreeBSD) Security Update for libxml (f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9)
- 710071 Gentoo Linux libxml2 Multiple vulnerabilities (GLSA 202107-05)
- 900193 CBL-Mariner Linux Security Update for libxml2 2.9.10
- 903434 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (2189)
- 940082 AlmaLinux Security Update for libxml2 (ALSA-2021:1597)
- 960858 Rocky Linux Security Update for libxml2 (RLSA-2021:1597)