Lucene search

Veracode Vulnerability DatabaseVERACODE:25098

HistoryApr 29, 2020 - 2:42 a.m.

Denial Of Service (DoS)

2020-04-2902:42:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

JSON

libxml2 is vulnerable to denial of service (DoS). The vulnerability exists through an infinite loop in xz_decomp function in xzlib.c.

CPENameOperatorVersion
libxml2eq2.9.7__5.el8
libxml2eq2.9.7__5.el8

CPE	Name	Operator	Version
	libxml2	eq	2.9.7__5.el8
	libxml2	eq	2.9.7__5.el8

References

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index

access.redhat.com/errata/RHSA-2020:1827

access.redhat.com/security/updates/classification/#moderate

bugzilla.gnome.org/show_bug.cgi?id=794914

lists.debian.org/debian-lts-announce/2018/09/msg00035.html

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

JSON

Related for VERACODE:25098