7.5
CVE-2019-20388
- EPSS 4.39%
- Veröffentlicht 21.01.2020 23:15:13
- Zuletzt bearbeitet 17.12.2025 22:15:55
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version9.0
Netapp ≫ Cloud Backup Version-
Netapp ≫ Clustered Data Ontap Version-
Netapp ≫ Ontap Select Deploy Administration Utility Version-
Netapp ≫ Plug-in For Symantec Netbackup Version-
Netapp ≫ Smi-s Provider Version-
Netapp ≫ Steelstore Cloud Integrated Storage Version-
Netapp ≫ H300s Firmware Version-
Netapp ≫ H500s Firmware Version-
Netapp ≫ H700s Firmware Version-
Netapp ≫ H300e Firmware Version-
Netapp ≫ H500e Firmware Version-
Netapp ≫ H700e Firmware Version-
Netapp ≫ H410s Firmware Version-
Oracle ≫ Enterprise Manager Base Platform Version13.4.0.0
Oracle ≫ Enterprise Manager Base Platform Version13.5.0.0
Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0
Oracle ≫ Mysql Workbench Version <= 8.0.26
Oracle ≫ Peoplesoft Enterprise Peopletools Version8.58
Oracle ≫ Real User Experience Insight Version13.3.1.0
Oracle ≫ Real User Experience Insight Version13.4.1.0
Oracle ≫ Real User Experience Insight Version13.5.1.0
Fedoraproject ≫ Fedora Version30
Fedoraproject ≫ Fedora Version31
Fedoraproject ≫ Fedora Version32
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.39% | 0.9 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
https://security.gentoo.org/glsa/202010-04
https://security.netapp.com/advisory/ntap-20200702-0005/