CVE-2019-19956

Published: Dec 24, 2019Modified: Dec 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Affected (18)

Products: Xmlsoft: Libxml2 · Debian: Debian Linux · Oracle: Real User Experience Insight · +4 more

Show all products

Xmlsoft: Libxml2 · Debian: Debian Linux · Oracle: Real User Experience Insight · Fedoraproject: Fedora · Canonical: Ubuntu Linux · Netapp: Active Iq Unified Manager, Clustered Data Ontap, Clustered Data Ontap Antivirus Connector, Manageability Software Development Kit, Ontap Select Deploy Administration Utility, Steelstore Cloud Integrated Storage · Siemens: Sinema Remote Connect Server

1 product

1 product

1 product

Real User Experience Insight

1 product

1 product

6 products

Active Iq Unified Manager

Clustered Data Ontap

Clustered Data Ontap Antivirus Connector

Manageability Software Development Kit

Ontap Select Deploy Administration Utility

Steelstore Cloud Integrated Storage

1 product

Sinema Remote Connect Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xmlsoft Libxml2	Before 2.9.10

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Real User Experience Insight	Version 13.3.1.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 32

Configuration E

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.10

Configuration F

6 vulnerable

Vulnerable Software	Affected Versions
Netapp Active Iq Unified Manager	All versions
Netapp Clustered Data Ontap	All versions
Netapp Clustered Data Ontap Antivirus Connector	All versions
Netapp Manageability Software Development Kit	All versions
Netapp Ontap Select Deploy Administration Utility	All versions
Netapp Steelstore Cloud Integrated Storage	All versions

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect Server	Before 3.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (24)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

Source: cve@mitre.org

Broken Link

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

Source: cve@mitre.org

Third Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20200114-0002/

Source: cve@mitre.org

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://usn.ubuntu.com/4274-1/

Source: cve@mitre.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20200114-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://usn.ubuntu.com/4274-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.