PT-2019-5584 · Libxml2+5 · Libxml2+5

Publicado

2019-08-07

Atualizado

2025-12-03

CVE-2019-19956

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.10

Description The issue is related to a memory leak in the xmlParseBalancedChunkMemoryRecover function in the parser.c file of the libxml2 library. This memory leak is associated with newDoc->oldNs. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 2.9.10, update to version 2.9.10 or later to resolve the memory leak issue. As a temporary workaround, consider restricting the use of the xmlParseBalancedChunkMemoryRecover function in parser.c until a patch is available.

Correção

Missing Release of Resource after Effective Lifetime

Memory Leak

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-772CWE-401

Identificadores relacionados

ALT-PU-2019-3074

ALT-PU-2019-3079

BDU:2020-04513

CESA-2020_3996

CESA-2020_4479

CVE-2019-19956

DLA-2048-1

DLA-2369-1

MGASA-2020-0020

MGASA-2020-0271

OESA-2022-1582

OPENSUSE-SU-2020:0681-1

OPENSUSE-SU-2020:0781-1

OPENSUSE-SU-2020_0681-1

OPENSUSE-SU-2020_0781-1

OPENSUSE-SU-2024:11016-1

RHSA-2020:2644

RHSA-2020:3996

RHSA-2020:4479

RHSA-2020_3996

RHSA-2020_4479

SUSE-SU-2020:1299-1

SUSE-SU-2020:1532-1

SUSE-SU-2020:1532-2

SUSE-SU-2020:2609-1

SUSE-SU-2020_1299-1

SUSE-SU-2020_1532-1

SUSE-SU-2020_1532-2

SUSE-SU-2020_2609-1

SUSE-SU-2021:14729-1

SUSE-SU-2021_14729-1

USN-4274-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libxml2

PT-2019-5584 · Libxml2+5 · Libxml2+5

CVE-2019-19956

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 96