CVE-2019-20199

Published: Dec 31, 2019Updated: Nov 21, 2024 Sources: CVE List NVD BDUCWE-125

6.5MEDIUM

NVD MITRE

Description

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.

No summary for this CVE yet.

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:RUser Interaction

Required

Scope

S:UScope

Unchanged

Impact

C:NConfidentiality

None

I:NIntegrity

None

A:HAvailability

High

Open in CVSS calculator →

Weaknesses

CWE-125 CWE-476

Affected Products

ezxml ezxml project

On-prem

OSS Libraries / generic-library

n/a n/a

Debian GNU/Linux Сообщество свободного программного обеспечения

On-premOS

Operating Systems / linux-distro

Astra Linux Special Edition ООО «РусБИТех-Астра»

On-premOS

Operating Systems / linux-distro

PnetCDF Argonne National Laboratory and Northwestern University

On-prem

OSS Libraries / generic-library

ezxml projectoss-projectOSS Librariesaka ezxml

сообщество свободного программного обеспеченияoss-projectOperating Systemsaka сообщество свободного программного обеспечения, fsf

ооо «русбитех-астра»commercialRUOperating Systemsaka rusbitech-astra

argonne national laboratory and northwestern universityoss-projectUSOSS Librariesaka argonne, northwestern university, pnetcdf, pnetcdf library

and 4 more affected products View all →

Exploitability

1 exploit source identified

Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.

View exploit details

Official Patch Available

No detection template yetWe can run the check for you — a free external exposure review, no install. Check my exposure

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

MITRE ATT&CK

3 techniques

Collection

Impact

Initial Access

View detailed technique mapping

References

https://sourceforge.net/p/ezxml/bugs/18/

sourceforge.net

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989360

bugs.debian.org

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989361

bugs.debian.org

and 6 more references View all →

Timeline

Published

Dec 31, 2019

Last Updated

Nov 21, 2024

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2019-20199 and every CVE in our database. Create a free account — no credit card required.

Create Free Account

Plain-language analysis

Impact assessment and exploitation scenario in plain English

Attack graph visualization

Interactive attack path and kill chain mapping

Exploit details & PoC links

ExploitDB, Metasploit, GitHub PoCs with direct links

Nuclei scanner templates

Ready-to-use vulnerability scanner templates

Full remediation guide

Patch instructions, workarounds, and compliance impact

Interactive AI chat

Ask questions about this vulnerability in natural language

Related vulnerabilities

Semantically similar CVEs and attack patterns

REST API & MCP access

Integrate vulnerability data into your workflows