Global Buffer Over-Read Vulnerability in GNOME Project's libxml2
CVE-2020-24977

6.5 MEDIUM

Key Information:

Vendor: Xmlsoft

CVE Published: 4 September 2020

What is CVE-2020-24977?

A global buffer over-read vulnerability has been identified in the GNOME project’s libxml2 library, in the xmlEncodeEntitiesInternal function within entities.c. An attacker who can trigger the over-read condition could expose sensitive information. The issue affects libxml2 v2.9.10 and is fixed by commit 50f06b3e; users of v2.9.10 should update to a version that includes that commit.


CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
