CVE-2019-20388

Name
CVE-2019-20388
Description
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
CONFIRM https://security.netapp.com/advisory/ntap-20200702-0005/
MISC https://www.oracle.com/security-alerts/cpujul2020.html
MLIST https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
GENTOO https://security.gentoo.org/glsa/202010-04
MISC https://www.oracle.com/security-alerts/cpuoct2021.html
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
cve@mitre.org https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
Patch https://www.oracle.com/security-alerts/cpuapr2022.html
cve@mitre.org https://www.oracle.com/security-alerts/cpujul2022.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:xmlsoft:libxml2:2.9.10:*:*:*:*:*:*:* libxml2 == None == 2.9.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
libxml2.13 edge-main 2.9.10-r4 None fixed
libxml2 edge-main 2.9.10-r7 Carlo Landmeter <clandmeter@alpinelinux.org> fixed
libxml2 edge-main 2.9.10-r5 None fixed
libxml2 edge-main 2.9.10-r4 None fixed
libxml2 3.22-main 2.9.10-r5 None fixed
libxml2 3.22-main 2.9.10-r4 None fixed
libxml2 3.21-main 2.9.10-r5 None fixed
libxml2 3.21-main 2.9.10-r4 None fixed
libxml2 3.20-main 2.9.10-r5 None fixed
libxml2 3.20-main 2.9.10-r4 None fixed
libxml2 3.19-main 2.9.10-r5 None fixed
libxml2 3.19-main 2.9.10-r4 None fixed
libxml2 3.18-main 2.9.10-r4 None fixed
libxml2 3.17-main 2.9.10-r4 None fixed
libxml2 3.12-main 2.9.10-r6 Carlo Landmeter <clandmeter@gmail.com> fixed
libxml2 3.12-main 2.9.10-r4 None fixed
libxml2 3.11-main 2.9.10-r5 Carlo Landmeter <clandmeter@gmail.com> fixed
libxml2 3.11-main 2.9.10-r3 None fixed