#VU24488 Infinite loop


Published: 2020-01-22 | Updated: 2021-04-15

Vulnerability identifier: #VU24488

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7595

CWE-ID: CWE-835

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Libxml2
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in xmlStringLenDecodeEntities in parser.c. A remote attacker can consume all available system resources and cause denial of service conditions in a certain end-of-file situation.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Libxml2: 2.9.10


CPE

External links
http://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability