CVEs-PoC/2020/CVE-2020-24977.md

### [CVE-2020-24977](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24977)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

### POC

#### Reference
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpuoct2021.html

#### Github
- https://github.com/404notf0und/CVE-Flow
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Exein-io/kepler
- https://github.com/arindam0310018/04-Apr-2022-DevOps__Scan-Images-In-ACR-Using-Trivy