GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
References
Link Providers
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00036.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00061.html cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 cve-icon cve-icon
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 cve-icon cve-icon
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NQ5GTDYOVH26PBCPYXXMGW5ZZXWMGZC/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5KTUAGDLEHTH6HU66HBFAFTSQ3OKRAN3/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/674LQPJO2P2XTBTREFR5LOZMBTZ4PZAY/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7KQXOHIE3MNY3VQXEN7LDQUJNIHOVHAW/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ENEHQIBMSI6TZVS35Y6I4FCTYUQDLJVP/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H3IQ7OQXBKWD3YP7HO6KCNOMLE5ZO2IR/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J3ICASXZI2UQYFJAOQWHSTNWGED3VXOE/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCHXIWR5DHYO3RSO7RAHEC6VJKXD2EH2/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7MEWYKIKMV2SKMGH4IDWVU3ZGJXBCPQ/ cve-icon cve-icon
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RIQAMBA2IJUTQG5VOP5LZVIZRNCKXHEQ/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2020-24977 cve-icon
https://security.gentoo.org/glsa/202107-05 cve-icon cve-icon
https://security.netapp.com/advisory/ntap-20200924-0001/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2020-24977 cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpujul2022.html cve-icon cve-icon
https://www.oracle.com/security-alerts/cpuoct2021.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-09-03T23:20:35

Updated: 2024-08-04T15:26:08.992Z

Reserved: 2020-08-28T00:00:00

Link: CVE-2020-24977

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-09-04T00:15:10.693

Modified: 2024-11-21T05:16:15.740

Link: CVE-2020-24977

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-09-04T00:00:00Z

Links: CVE-2020-24977 - Bugzilla