CVE-2015-8242

Published Dec 15, 2015

Last updated 19 days ago

CVSS info 5.8

Overview

Description: The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
Source: cve@mitre.org
NVD status: Modified
Products: libxml2, icewall_federation_agent, icewall_file_manager, iphone_os, mac_os_x, tvos, watchos, ubuntu_linux, enterprise_linux_desktop, enterprise_linux_hpc_node, enterprise_linux_server, enterprise_linux_workstation

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "692D866C-F7D7-437B-BAC3-CCE024626B4D",
            "versionEndIncluding": "2.9.2",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "B3261B40-5CBE-4AA6-990A-0A7BE96E5518",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "EDAB86FF-C732-4022-B1F4-D1CE28FBF0D0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "080450EA-85C1-454D-98F9-5286D69CF237",
            "versionEndIncluding": "9.2.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "D3C6DA6A-9C87-4B7B-A52D-A66276B5DE82",
            "versionEndIncluding": "10.11.3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "B7CF16CB-120B-4FC0-B7A2-2FCD3324EA8A",
            "versionEndIncluding": "9.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "FBF14807-BA21-480B-9ED0-A6D53352E87F",
            "versionEndIncluding": "2.1",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*",
            "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

Related CVEs

References