CVE-2019-20200
openSUSE Security Advisory - openSUSE-SU-2021:3804-1
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
Se descubrió un problema en ezXML versiones 0.8.3 hasta la versión 0.8.6. La función ezxml_decode, mientras analiza un archivo XML, realiza un manejo de memoria incorrecto, conllevando a una lectura excesiva de búfer en la región heap de la memoria en la funcionalidad "normalize line endings".
An update that fixes 16 vulnerabilities is now available. This update for netcdf fixes the following issues.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-31 CVE Reserved
- 2019-12-31 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- 2025-04-27 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://sourceforge.net/p/ezxml/bugs/19 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ezxml Project Search vendor "Ezxml Project" | Ezxml Search vendor "Ezxml Project" for product "Ezxml" | >= 0.8.3 <= 0.8.6 Search vendor "Ezxml Project" for product "Ezxml" and version " >= 0.8.3 <= 0.8.6" | - |
Affected
| ||||||