CVE-2020-7595
libxml2: infinite loop in xmlStringLenDecodeEntities in some end-of-file situations
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
La función xmlStringLenDecodeEntities en el archivo parser.c en libxml2 versión 2.9.10, presenta un bucle infinito en una determinada situación de fin del archivo.
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 3 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 2 and includes bug fixes and enhancements. Issues addressed include buffer over-read, denial of service, and memory leak vulnerabilities.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-21 CVE Reserved
- 2020-01-21 CVE Published
- 2024-08-04 CVE Updated
- 2025-05-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf | Third Party Advisory |
|
| https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20200702-0005 | Third Party Advisory |
|
| https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08 | Third Party Advisory | |
| https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
|
| https://www.oracle.com/security-alerts/cpujul2022.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076 | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | 2023-11-07 | |
| https://www.oracle.com/security-alerts/cpuoct2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netapp Search vendor "Netapp" | H300s Firmware Search vendor "Netapp" for product "H300s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300s Search vendor "Netapp" for product "H300s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500s Firmware Search vendor "Netapp" for product "H500s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500s Search vendor "Netapp" for product "H500s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700s Firmware Search vendor "Netapp" for product "H700s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700s Search vendor "Netapp" for product "H700s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H300e Firmware Search vendor "Netapp" for product "H300e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H300e Search vendor "Netapp" for product "H300e" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H500e Firmware Search vendor "Netapp" for product "H500e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H500e Search vendor "Netapp" for product "H500e" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H700e Firmware Search vendor "Netapp" for product "H700e Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H700e Search vendor "Netapp" for product "H700e" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410s Firmware Search vendor "Netapp" for product "H410s Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410s Search vendor "Netapp" for product "H410s" | - | - |
Safe
|
| Netapp Search vendor "Netapp" | H410c Firmware Search vendor "Netapp" for product "H410c Firmware" | - | - |
Affected
| in | Netapp Search vendor "Netapp" | H410c Search vendor "Netapp" for product "H410c" | - | - |
Safe
|
| Xmlsoft Search vendor "Xmlsoft" | Libxml2 Search vendor "Xmlsoft" for product "Libxml2" | 2.9.10 Search vendor "Xmlsoft" for product "Libxml2" and version "2.9.10" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Siemens Search vendor "Siemens" | Sinema Remote Connect Server Search vendor "Siemens" for product "Sinema Remote Connect Server" | < 3.0 Search vendor "Siemens" for product "Sinema Remote Connect Server" and version " < 3.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Smi-s Provider Search vendor "Netapp" for product "Smi-s Provider" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Snapdrive Search vendor "Netapp" for product "Snapdrive" | - | windows |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Steelstore Cloud Integrated Storage Search vendor "Netapp" for product "Steelstore Cloud Integrated Storage" | - | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Symantec Netbackup Search vendor "Netapp" for product "Symantec Netbackup" | - | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Real User Experience Insight Search vendor "Oracle" for product "Real User Experience Insight" | 13.3.1.0 Search vendor "Oracle" for product "Real User Experience Insight" and version "13.3.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Communications Cloud Native Core Network Function Cloud Native Environment Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" | 1.10.0 Search vendor "Oracle" for product "Communications Cloud Native Core Network Function Cloud Native Environment" and version "1.10.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Base Platform Search vendor "Oracle" for product "Enterprise Manager Base Platform" | 13.5.0.0 Search vendor "Oracle" for product "Enterprise Manager Base Platform" and version "13.5.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Enterprise Manager Ops Center Search vendor "Oracle" for product "Enterprise Manager Ops Center" | 12.4.0.0 Search vendor "Oracle" for product "Enterprise Manager Ops Center" and version "12.4.0.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Mysql Workbench Search vendor "Oracle" for product "Mysql Workbench" | <= 8.0.26 Search vendor "Oracle" for product "Mysql Workbench" and version " <= 8.0.26" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Peoplesoft Enterprise Peopletools Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" | 8.58 Search vendor "Oracle" for product "Peoplesoft Enterprise Peopletools" and version "8.58" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Real User Experience Insight Search vendor "Oracle" for product "Real User Experience Insight" | 13.4.1.0 Search vendor "Oracle" for product "Real User Experience Insight" and version "13.4.1.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Real User Experience Insight Search vendor "Oracle" for product "Real User Experience Insight" | 13.5.1.0 Search vendor "Oracle" for product "Real User Experience Insight" and version "13.5.1.0" | - |
Affected
| ||||||