CVE-2020-7595

Published: Jan 22, 2020
Updated: Nov 8, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7595" target="_blank" rel="noopener"> CVE-2020-7595
GHSA: <a href="https://github.com/advisories/GHSA-7553-jr98-vx47" target="_blank" rel="noopener"> GHSA-7553-jr98-vx47
Severity: High
Exploit:

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVSS v3:

CVSS v2:

CWEs:

Software	From	Fixed in
xmlsoft / libxml2	2.9.10	2.9.10.x
fedoraproject / fedora	30	30.x
fedoraproject / fedora	31	31.x
fedoraproject / fedora	32	32.x
canonical / ubuntu_linux	16.04	16.04.x
canonical / ubuntu_linux	18.04	18.04.x
canonical / ubuntu_linux	14.04	14.04.x
canonical / ubuntu_linux	19.10	19.10.x
canonical / ubuntu_linux	12.04	12.04.x
debian / debian_linux	9.0	9.0.x
siemens / sinema_remote_connect_server	-	3.0
oracle / real_user_experience_insight	13.3.1.0	13.3.1.0.x
oracle / peoplesoft_enterprise_peopletools	8.58	8.58.x
oracle / enterprise_manager_base_platform	13.4.0.0	13.4.0.0.x
oracle / enterprise_manager_ops_center	12.4.0.0	12.4.0.0.x
oracle / enterprise_manager_base_platform	13.5.0.0	13.5.0.0.x
oracle / mysql_workbench	-	8.0.26.x
oracle / real_user_experience_insight	13.4.1.0	13.4.1.0.x
oracle / real_user_experience_insight	13.5.1.0	13.5.1.0.x
oracle / communications_cloud_native_core_network_function_cloud_native_environment	1.10.0	1.10.0.x
nokogiri	-	1.10.8