#VU24487 Memory leak in Libxml2


Published: 2020-01-22

Vulnerability identifier: #VU24487

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-20388

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Libxml2
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in xmlSchemaPreRun in xmlschemas.c. A remote attacker can trigger a xmlSchemaValidateStream memory leak and perform denial of service attack.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Libxml2: 2.9.10

CPE

External links
http://gitlab.gnome.org/GNOME/libxml2/merge_requests/68

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in IBM QRadar Network Security
Multiple vulnerabilities in Hitachi Energy APM Edge
CentOS 7 update for libxml2
Multiple vulnerabilities in cflinuxfs3
Ubuntu update for libxml2
Multiple vulnerabilities in Red Hat OpenShift Serverless
SUSE update for libxml2
Multiple vulnerabilities in Red Hat Ansible Automation Platform 1.2
Multiple vulnerabilities in Red Hat OpenShift Serverless
Multiple vulnerabilities in Red Hat Quay