Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2015-8241
HistoryDec 15, 2015 - 9:59 p.m.

CVE-2015-8241

2015-12-1521:59:06
Debian Security Bug Tracker
security-tracker.debian.org
24

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS

0.011

Percentile

84.8%

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS

0.011

Percentile

84.8%