7.5

CVE-2019-19956

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XmlsoftLibxml2 Version < 2.9.10
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
OracleReal User Experience Insight Version13.3.1.0
FedoraprojectFedora Version30
FedoraprojectFedora Version32
CanonicalUbuntu Linux Version12.04 SwEdition-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.10
NetappActive Iq Unified Manager Version- SwPlatformvmware_vsphere
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.52% 0.918
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

CWE-772 Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html
Broken Link
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
Third Party Advisory
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
https://security.netapp.com/advisory/ntap-20200114-0002/
Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
Third Party Advisory
US Government Resource
https://usn.ubuntu.com/4274-1/
Third Party Advisory