CVE-2019-19956
Published: 24 December 2019
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
Notes
Author | Note |
---|---|
ccdm94 | the fix for this issue, made available with commit 5a02583c, was reverted in version 2.9.11 with commit a0a8059b, since it seems like the fix introduced various memory issues in libxml2. More information regarding this choice made by upstream can be seen at: https://gitlab.gnome.org/GNOME/libxml2/-/issues/161 |
Priority
Status
Package | Release | Status |
---|---|---|
libxml2 | bionic | Released (2.9.4+dfsg1-6.1ubuntu1.3) |
libxml2 | disco | Ignored (end of life) |
libxml2 | eoan | Released (2.9.4+dfsg1-7ubuntu3.1) |
libxml2 | focal | Released (2.9.10+dfsg-1ubuntu2) |
libxml2 | trusty | Released (2.9.1+dfsg1-3ubuntu4.13+esm1). Available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
libxml2 | upstream | Released (2.9.10) |
libxml2 | xenial | Released (2.9.3+dfsg1-1ubuntu0.7) |

Patches: upstream: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |