Vulnerabilities > CVE-2020-24977 - Out-of-bounds Read vulnerability in multiple products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

LOW

network

low complexity

NVD

Published: 2020-09-04

Updated: 2023-11-07

Summary

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Vulnerable Configurations

Part	Description	Count
Application	Xmlsoft Xmlsoft Libxml2 2.9.10	1
Application	Netapp Netapp Snapdrive - Netapp Clustered Data Ontap - Netapp Clustered Data Ontap Antivirus Connector - Netapp Active IQ Unified Manager 7.3 Netapp Active IQ Unified Manager 9.5 Netapp Active IQ Unified Manager 9.6 Netapp Active IQ Unified Manager 9.10 Netapp Active IQ Unified Manager 9.11P1 Netapp Manageability Software Development KIT - Netapp Inventory Collect Tool -	14
Application	Oracle Oracle Http Server 12.2.1.3.0 Oracle Http Server 12.2.1.4.0 Oracle Peoplesoft Enterprise Peopletools 8.58 Oracle Enterprise Manager Base Platform 13.4.0.0 Oracle Enterprise Manager Base Platform 13.5.0.0 Oracle Enterprise Manager OPS Center 12.4.0.0 Oracle Mysql Workbench - Oracle Mysql Workbench 5.2.47 Oracle Mysql Workbench 6.0.9 Oracle Mysql Workbench 6.1.7 Oracle Mysql Workbench 6.2.5 Oracle Mysql Workbench 6.3.8 Oracle Mysql Workbench 6.3.10 Oracle Mysql Workbench 8.0.12 Oracle Mysql Workbench 8.0.13 Oracle Mysql Workbench 8.0.14 Oracle Mysql Workbench 8.0.15 Oracle Mysql Workbench 8.0.16 Oracle Mysql Workbench 8.0.17 Oracle Mysql Workbench 8.0.18 Oracle Mysql Workbench 8.0.19 Oracle Mysql Workbench 8.0.20 Oracle Mysql Workbench 8.0.21 Oracle Mysql Workbench 8.0.22 Oracle Mysql Workbench 8.0.23 Oracle Mysql Workbench 8.0.24 Oracle Mysql Workbench 8.0.25 Oracle Mysql Workbench 8.0.26 Oracle Real User Experience Insight 13.4.1.0 Oracle Real User Experience Insight 13.5.1.0 Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0	31
OS	Debian Debian Debian Linux 9.0	1
OS	Fedoraproject Fedoraproject Fedora 31 Fedoraproject Fedora 32 Fedoraproject Fedora 33	3
OS	Opensuse Opensuse Leap 15.1 Opensuse Leap 15.2	2
OS	Netapp Netapp HCI H410C Firmware -	1
Hardware	Netapp Netapp HCI H410C -	1

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

References

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.