CVE-2020-7595
Advisory lineage Upstream: 0 Downstream: 20
Modified
Published: 21 Jan 2020, 22:54
Last modified:03 Dec 2025, 15:50
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.48% LOW
0% probability +0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
21 Jan 2020, 22:54
Published
Vulnerability first disclosed
03 Dec 2025, 15:50
Last Modified
Vulnerability information updated
Description
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVSS Metrics
- v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 0.48%• Percentile: 65%
Techniques & Countermeasures
- CWE-835•Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Systems
- canonical•ubuntu_linux
12.04 | 14.04 | 16.04 | 18.04 | 19.10
- debian•debian_linux
9.0
- fedoraproject•fedora
30 | 31 | 32
- netapp•clustered_data_ontap
na
- netapp•h300e
na
- netapp•h300s_firmware
na
- netapp•h410c_firmware
na
- netapp•h410s_firmware
na
- netapp•h500e
na
- netapp•h500s_firmware
na
- netapp•h700e
na
- netapp•h700s_firmware
na
- netapp•smi-s_provider
na
- netapp•snapdrive
na
- netapp•steelstore_cloud_integrated_storage
na
- netapp•symantec_netbackup
na
- oracle•communications_cloud_native_core_network_function_cloud_native_environment
1.10.0
- oracle•enterprise_manager_base_platform
13.4.0.0 | 13.5.0.0
- oracle•enterprise_manager_ops_center
12.4.0.0
- oracle•mysql_workbench
≤ 8.0.26
- oracle•peoplesoft_enterprise_peopletools
8.58
- oracle•real_user_experience_insight
13.3.1.0 | 13.4.1.0 | 13.5.1.0
- siemens•sinema_remote_connect_server
< 3.0
- xmlsoft•libxml2
2.9.10
References (15)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/545SPOI3ZPPNPX4TFRIVE4JVRTJRKULL/
- https://usn.ubuntu.com/4274-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R55ZR52RMBX24TQTWHCIWKJVRV6YAWI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDPF3AAVKUAKDYFMFKSIQSVVS3EEFPQH/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00047.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://security.netapp.com/advisory/ntap-20200702-0005/
- https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076
- https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
- https://security.gentoo.org/glsa/202010-04
- https://www.oracle.com/security-alerts/cpuoct2021.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
- https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html