CVE-2020-7595

Summary

CVE	CVE-2020-7595
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2020-01-21 23:15:00 UTC
Updated	2023-11-07 03:26:00 UTC
Description	xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

Risk And Classification

Problem Types: CWE-835

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Canonical	Ubuntu Linux	12.04	All	All	All
Operating System	Canonical	Ubuntu Linux	14.04	All	All	All
Operating System	Canonical	Ubuntu Linux	16.04	All	All	All
Operating System	Canonical	Ubuntu Linux	18.04	All	All	All
Operating System	Canonical	Ubuntu Linux	19.10	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Fedoraproject	Fedora	30	All	All	All
Operating System	Fedoraproject	Fedora	31	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Application	Netapp	Clustered Data Ontap	-	All	All	All
Hardware	Netapp	H300e	-	All	All	All
Operating System	Netapp	H300e Firmware	-	All	All	All
Hardware	Netapp	H300s	-	All	All	All
Operating System	Netapp	H300s Firmware	-	All	All	All
Hardware	Netapp	H410c	-	All	All	All
Operating System	Netapp	H410c Firmware	-	All	All	All
Hardware	Netapp	H410s	-	All	All	All
Operating System	Netapp	H410s Firmware	-	All	All	All
Hardware	Netapp	H500e	-	All	All	All
Operating System	Netapp	H500e Firmware	-	All	All	All
Hardware	Netapp	H500s	-	All	All	All
Operating System	Netapp	H500s Firmware	-	All	All	All
Hardware	Netapp	H700e	-	All	All	All
Operating System	Netapp	H700e Firmware	-	All	All	All
Hardware	Netapp	H700s	-	All	All	All
Operating System	Netapp	H700s Firmware	-	All	All	All
Application	Netapp	Smi-s Provider	-	All	All	All
Application	Netapp	Snapdrive	-	All	All	All
Application	Netapp	Steelstore Cloud Integrated Storage	-	All	All	All
Application	Netapp	Symantec Netbackup	-	All	All	All
Application	Oracle	Communications Cloud Native Core Network Function Cloud Native Environment	1.10.0	All	All	All
Application	Oracle	Enterprise Manager Base Platform	13.4.0.0	All	All	All
Application	Oracle	Enterprise Manager Base Platform	13.5.0.0	All	All	All
Application	Oracle	Enterprise Manager Ops Center	12.4.0.0	All	All	All
Application	Oracle	Mysql Workbench	All	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.58	All	All	All
Application	Oracle	Real User Experience Insight	13.3.1.0	All	All	All
Application	Oracle	Real User Experience Insight	13.4.1.0	All	All	All
Application	Oracle	Real User Experience Insight	13.5.1.0	All	All	All
Application	Siemens	Sinema Remote Connect Server	All	All	All	All
Application	Xmlsoft	Libxml2	2.9.10	All	All	All
Application	Xmlsoft	Libxml2	2.9.10	All	All	All

References

Reference	Source	Link	Tags
libxml2: Multiple vulnerabilities (GLSA 202010-04) — Gentoo security	GENTOO	security.gentoo.org
Siemens SINEMA Remote Connect Server \| CISA	CONFIRM	us-cert.cisa.gov
[SECURITY] [DLA 2369-1] libxml2 security update	MLIST	lists.debian.org
USN-4274-1: libxml2 vulnerabilities \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
Oracle Critical Patch Update Advisory - July 2020	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - April 2022	MISC	www.oracle.com
[security-announce] openSUSE-SU-2020:0681-1: moderate: Security update f	SUSE	lists.opensuse.org
[SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 31 Update: libxml2-2.9.10-3.fc31 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Oracle Critical Patch Update Advisory - October 2021	MISC	www.oracle.com
[SECURITY] Fedora 31 Update: libxml2-2.9.10-3.fc31 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
June 2020 Libxml2 Vulnerabilities in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf	CONFIRM	cert-portal.siemens.com
[SECURITY] Fedora 32 Update: mingw-libxml2-2.9.10-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
Fix infinite loop in xmlStringLenDecodeEntities (0e1a49c8) · Commits · GNOME / libxml2 · GitLab	MISC	gitlab.gnome.org	Patch, Third Party Advisory
[SECURITY] Fedora 30 Update: libxml2-2.9.10-3.fc30 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Oracle Critical Patch Update Advisory - July 2022	N/A	www.oracle.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
376204 Mysql Workbench Critical Patch Update Oct 2021
377365 Alibaba Cloud Linux Security Update for libxml2 (ALINUX3-SA-2022:0018)
377454 Alibaba Cloud Linux Security Update for libxml2 (ALINUX2-SA-2020:0149)
500350 Alpine Linux Security Update for libxml2
504113 Alpine Linux Security Update for libxml2
591406 Siemens SIMATIC S7-1500 CPU GNU/Linux subsystem Multiple Vulnerabilities (SSB-439005, ICSA-22-104-13)
690499 Free Berkeley Software Distribution (FreeBSD) Security Update for libxml (f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9)
730031 IBM MQ Appliance Multiple Vulnerabilities(6403297)
770068 Red Hat OpenShift Container Platform 4.6 Security Update (RHSA-2021:0436)
900125 CBL-Mariner Linux Security Update for libxml2 2.9.10
903149 Common Base Linux Mariner (CBL-Mariner) Security Update for libxml2 (1832)
940076 AlmaLinux Security Update for libxml2 (ALSA-2020:4479)