Lucene search

K

[email protected]NVD:CVE-2015-8241

HistoryDec 15, 2015 - 9:59 p.m.

CVE-2015-8241

2015-12-1521:59:06

CWE-119

[email protected]

web.nvd.nist.gov

2

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.3 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.8%

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

Affected configurations

NVD

Node

debiandebian_linuxMatch7.0

OR

debiandebian_linuxMatch8.0

Node

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_hpc_nodeMatch6.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_workstationMatch6.0

Node

hpicewall_federation_agentMatch3.0

OR

hpicewall_file_managerMatch3.0

Node

canonicalubuntu_linuxMatch12.04lts

OR

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch15.04

OR

canonicalubuntu_linuxMatch15.10

Node

xmlsoftlibxml2Range≤2.9.2

References

lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

marc.info/?l=bugtraq&m=145382616617563&w=2

rhn.redhat.com/errata/RHSA-2015-2549.html

rhn.redhat.com/errata/RHSA-2015-2550.html

rhn.redhat.com/errata/RHSA-2016-1089.html

www.debian.org/security/2015/dsa-3430

www.openwall.com/lists/oss-security/2015/11/17/5

www.openwall.com/lists/oss-security/2015/11/18/23

www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/77621

www.securitytracker.com/id/1034243

www.ubuntu.com/usn/USN-2834-1

bugzilla.gnome.org/show_bug.cgi?id=756263

bugzilla.redhat.com/show_bug.cgi?id=1281936

git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.3 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.8%

Related for NVD:CVE-2015-8241

ubuntucve1 prion1 cve1 veracode4 cvelist1 debiancve1 nessus28 ibm12 openvas15 aix1 osv1 debian3 cloudfoundry1 ubuntu1 mageia1 oraclelinux2 centos2 redhat2 rubygems1 freebsd1 f51 amazon2 rosalinux1 suse1 tenable1