ELS for OS
- CVEs
- Releases
- Projects
- Documentation
Live Patches
ELS for PHP
- CVEs
- Releases
- Projects
- Documentation
ELS for Python
- CVEs
- Releases
- Projects
- Documentation
ELS for Dotnet
- CVEs
- Releases
- Projects
- Documentation
ELS for Node.js
- CVEs
- Releases
- Projects
- Documentation

CVE-2020-24977

Updated: 2026-02-27 03:45:19.999074

Description:

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

Links	NIST	CIRCL	RHEL	Ubuntu

Severity

	Severity	Score
CVSS Version 2.x	MEDIUM	6.4
CVSS Version 3.x	MEDIUM	6.5

Status

OS name	Project name	Version	Score	Severity	Status	Errata	Last updated	Statement
CentOS 6 ELS	libxml2	2.7.6	6.5	MEDIUM	Released	CLSA-2022:1641903536	2022-05-05 12:04:03
CentOS 8.4 ELS	libxml2	2.9.7-9	6.5	MEDIUM	Already Fixed		2023-10-31 09:33:43
CentOS 8.5 ELS	libxml2	2.9.7-9	6.5	MEDIUM	Already Fixed		2023-11-02 11:07:44
CloudLinux 6 ELS	libxml2	2.7.6	6.5	MEDIUM	Released	CLSA-2021:1640697686	2022-04-19 21:49:52
Oracle Linux 6 ELS	libxml2	2.7.6	6.5	MEDIUM	Released	CLSA-2021:1640700669	2022-04-19 21:49:52
Ubuntu 16.04 ELS	libxml2	2.9.3	6.5	MEDIUM	Released	CLSA-2021:1640700710	2022-04-19 21:49:52