CVE-2019-19956

Published: Dic 24, 2019 Last Modified: Dic 03, 2025 EU-VD ID: EUVD-2019-9544 Aliases: GSD-2019-19956
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0015
Percentile
0,4th
Updated

EPSS Score Trend (Last 90 Days)

401

Missing Release of Memory after Effective Lifetime

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Instability Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Reduce Performance
Applicable Platforms
Languages: C, C++, Not Language-Specific
Likelihood of Exploit: Medium
View CWE Details
772

Missing Release of Resource after Effective Lifetime

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Resource Consumption (Other) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Cpu)
Applicable Platforms
Technologies: Mobile
Likelihood of Exploit: High
View CWE Details
Application

Clustered Data Ontap by Netapp

Product Information
Vendor Netapp
Product Clustered Data Ontap
Version -
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 18.04
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 32
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Active Iq Unified Manager by Netapp

Product Information
Vendor Netapp
Product Active Iq Unified Manager
Version -
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Clustered Data Ontap Antivirus Connector by Netapp

Product Information
Vendor Netapp
Product Clustered Data Ontap Antivirus Connector
Version -
cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 14.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Fedora by Fedoraproject

Product Information
Vendor Fedoraproject
Product Fedora
Version 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Real User Experience Insight by Oracle

Product Information
Vendor Oracle
Product Real User Experience Insight
Version 13.3.1.0
cpe:2.3:a:oracle:real_user_experience_insight:13.3.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Libxml2 by Xmlsoft

Product Information
Vendor Xmlsoft
Product Libxml2
Version Range Affected
To 2.9.10 (exclusive)
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 12.04
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Manageability Software Development Kit by Netapp

Product Information
Vendor Netapp
Product Manageability Software Development Kit
Version -
cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Ontap Select Deploy Administration Utility by Netapp

Product Information
Vendor Netapp
Product Ontap Select Deploy Administration Utility
Version -
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Steelstore Cloud Integrated Storage by Netapp

Product Information
Vendor Netapp
Product Steelstore Cloud Integrated Storage
Version -
cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Sinema Remote Connect Server by Siemens

Product Information
Vendor Siemens
Product Sinema Remote Connect Server
Version Range Affected
To 3.0 (exclusive)
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Ubuntu Linux by Canonical

Product Information
Vendor Canonical
Product Ubuntu Linux
Version 16.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.…
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683…
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9…
https://lists.debian.org/debian-lts-announce/2019/12/msg000…
https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/09/msg000…
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.netapp.com/advisory/ntap-20200114-0002/
https://security.netapp.com/advisory/ntap-20200114-0002/
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
https://usn.ubuntu.com/4274-1/
https://usn.ubuntu.com/4274-1/
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2020.html
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2020-0…
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.…
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683…
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9…
https://lists.debian.org/debian-lts-announce/2019/12/msg000…
https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html
https://lists.debian.org/debian-lts-announce/2020/09/msg000…
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://lists.fedoraproject.org/archives/list/package-annou…
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapr…
https://security.netapp.com/advisory/ntap-20200114-0002/
https://security.netapp.com/advisory/ntap-20200114-0002/
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
https://usn.ubuntu.com/4274-1/
https://usn.ubuntu.com/4274-1/
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpujul2020.html