CVE-2019-19956

moderate-risk

Published 2019-12-24

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Do I need to act?

0.15% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (18)

Libxml2

Debian Linux

Real User Experience Insight

Fedora

Ubuntu Linux

Active Iq Unified Manager

Clustered Data Ontap

Clustered Data Ontap Antivirus Connector

Manageability Software Development Kit

Ontap Select Deploy Administration Utility

Steelstore Cloud Integrated Storage

Sinema Remote Connect Server

Ubuntu Linux

Affected Vendors

Debian Oracle Siemens Xmlsoft Canonical Fedoraproject Netapp

References (24)

Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

Patch https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b...

Mailing List https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.netapp.com/advisory/ntap-20200114-0002/

Third Party Advisory https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

Third Party Advisory https://usn.ubuntu.com/4274-1/

Third Party Advisory https://www.oracle.com/security-alerts/cpujul2020.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

Third Party Advisory https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

Patch https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b...

Mailing List https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

Mailing List https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

and 4 more references

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate