Vulnerability Details CVE-2020-24977
GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 6.4
References
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
- https://security.gentoo.org/glsa/202107-05
- https://security.netapp.com/advisory/ntap-20200924-0001/
- https://security.netapp.com/advisory/ntap-20200924-0001/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/
- https://security.gentoo.org/glsa/202107-05
- https://security.netapp.com/advisory/ntap-20200924-0001/
- https://security.netapp.com/advisory/ntap-20200924-0001/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Products affected by CVE-2020-24977
-
cpe:2.3:a:netapp:active_iq_unified_manager:7.3
-
cpe:2.3:a:netapp:active_iq_unified_manager:9.10
-
cpe:2.3:a:netapp:active_iq_unified_manager:9.11p1
-
cpe:2.3:a:netapp:active_iq_unified_manager:9.5
-
cpe:2.3:a:netapp:active_iq_unified_manager:9.6
-
cpe:2.3:a:netapp:clustered_data_ontap:-
-
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-
-
cpe:2.3:a:netapp:inventory_collect_tool:-
-
cpe:2.3:a:netapp:manageability_software_development_kit:-
-
cpe:2.3:a:netapp:snapdrive:-
-
Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.10.0cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0
-
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0
-
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0
-
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0
-
cpe:2.3:a:oracle:http_server:12.2.1.3.0
-
cpe:2.3:a:oracle:http_server:12.2.1.4.0
-
cpe:2.3:a:oracle:mysql_workbench:-
-
cpe:2.3:a:oracle:mysql_workbench:5.2.47
-
cpe:2.3:a:oracle:mysql_workbench:6.0.9
-
cpe:2.3:a:oracle:mysql_workbench:6.1.7
-
cpe:2.3:a:oracle:mysql_workbench:6.2.5
-
cpe:2.3:a:oracle:mysql_workbench:6.3.10
-
cpe:2.3:a:oracle:mysql_workbench:6.3.8
-
cpe:2.3:a:oracle:mysql_workbench:8.0.12
-
cpe:2.3:a:oracle:mysql_workbench:8.0.13
-
cpe:2.3:a:oracle:mysql_workbench:8.0.14
-
cpe:2.3:a:oracle:mysql_workbench:8.0.15
-
cpe:2.3:a:oracle:mysql_workbench:8.0.16
-
cpe:2.3:a:oracle:mysql_workbench:8.0.17
-
cpe:2.3:a:oracle:mysql_workbench:8.0.18
-
cpe:2.3:a:oracle:mysql_workbench:8.0.19
-
cpe:2.3:a:oracle:mysql_workbench:8.0.20
-
cpe:2.3:a:oracle:mysql_workbench:8.0.21
-
cpe:2.3:a:oracle:mysql_workbench:8.0.22
-
cpe:2.3:a:oracle:mysql_workbench:8.0.23
-
cpe:2.3:a:oracle:mysql_workbench:8.0.24
-
cpe:2.3:a:oracle:mysql_workbench:8.0.25
-
cpe:2.3:a:oracle:mysql_workbench:8.0.26
-
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58
-
cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0
-
cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0
-
cpe:2.3:a:xmlsoft:libxml2:2.9.10
-
cpe:2.3:h:netapp:hci_h410c:-
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:netapp:hci_h410c_firmware:-
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:opensuse:leap:15.2