{
  "threat_severity" : "Moderate",
  "public_date" : "2020-01-21T00:00:00Z",
  "bugzilla" : {
    "description" : "libxml2: memory leak in xmlSchemaPreRun in xmlschemas.c",
    "id" : "1799734",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1799734"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-401",
  "details" : [ "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.", "A memory leak was found in the xmlSchemaValidateStream function of libxml2. Applications that use this library may be vulnerable to memory not being freed leading to a denial of service. System availability is the highest threat from this vulnerability." ],
  "affected_release" : [ {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 6",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el6",
    "package" : "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_jk-0:1.2.48-4.redhat_1.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7"
  }, {
    "product_name" : "JBoss Core Services on RHEL 7",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2644",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1::el7",
    "package" : "jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:3996",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libxml2-0:2.9.1-6.el7.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4479",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "libxml2-0:2.9.7-8.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-11-04T00:00:00Z",
    "advisory" : "RHSA-2020:4479",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "libxml2-0:2.9.7-8.el8"
  }, {
    "product_name" : "Red Hat OpenShift Do",
    "release_date" : "2021-03-22T00:00:00Z",
    "advisory" : "RHSA-2021:0949",
    "cpe" : "cpe:/a:redhat:openshift_do:1.0::el7",
    "package" : "openshiftdo/odo-init-image-rhel7:1.1.3-2"
  }, {
    "product_name" : "Text-Only JBCS",
    "release_date" : "2020-06-22T00:00:00Z",
    "advisory" : "RHSA-2020:2646",
    "cpe" : "cpe:/a:redhat:jboss_core_services:1",
    "package" : "libxml2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Affected",
    "package_name" : "system",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-20388\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-20388" ],
  "name" : "CVE-2019-20388",
  "csaw" : false
}