Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2015-8242

Published: 15/12/2015 Updated: 08/03/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P

Vulnerability Summary

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 prior to 2.9.3 allows context-dependent malicious users to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

Vulnerable Product Search on Vulmon Subscribe to Product

xmlsoft libxml2

hp icewall federation agent 3.0

hp icewall file manager 3.0

apple mac os x

apple watchos

apple tvos

apple iphone os

canonical ubuntu linux 12.04

canonical ubuntu linux 14.04

canonical ubuntu linux 15.04

canonical ubuntu linux 15.10

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux hpc node 6.0

redhat enterprise linux server 6.0

Vendor Advisories

Ubuntu Security Notice: libxml2 vulnerabilities
libxml2 could be made to crash if it opened a specially crafted file ...
Red Hat: Moderate: libxml2 security update
Synopsis Moderate: libxml2 security update Type/Severity Security Advisory: Moderate Topic Updated libxml2 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability Scoring ...
Red Hat: Moderate: libxml2 security update
Synopsis Moderate: libxml2 security update Type/Severity Security Advisory: Moderate Topic Updated libxml2 packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having Moderate securityimpact Common Vulnerability Scoring ...
Debian CVElist Bug Report Logs: libxml2: CVE-2015-8242: Buffer overead with HTML parser in push mode in xmlSAX2TextNode, causes segfault when compiled with ASAN
Debian Bug report logs - #805146 libxml2: CVE-2015-8242: Buffer overead with HTML parser in push mode in xmlSAX2TextNode, causes segfault when compiled with ASAN Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carni ...
Amazon Linux AMI: ALAS-2015-628
A denial of service flaw was found in the way the libxml2 library parsed certain XML files An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory The xmlParseConditionalSections function in parserc in libxml2 does not properly ski ...
Amazon Linux 2: ALAS2-2019-1220
A denial of service flaw was found in libxml2 A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information(CVE-2015-8242) A denial of service flaw was found in libxml2 A remote attacker could provide a specially cr ...
Red Hat: CVE-2015-8242
A denial of service flaw was found in libxml2 A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information ...

References

CWE-119http://rhn.redhat.com/errata/RHSA-2015-2549.htmlhttps://bugzilla.gnome.org/show_bug.cgi?id=756372http://www.openwall.com/lists/oss-security/2015/11/18/23http://www.openwall.com/lists/oss-security/2015/11/17/5http://www.ubuntu.com/usn/USN-2834-1https://bugzilla.redhat.com/show_bug.cgi?id=1281950https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2http://rhn.redhat.com/errata/RHSA-2015-2550.htmlhttp://xmlsoft.org/news.htmlhttps://support.apple.com/HT206166https://support.apple.com/HT206169http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.htmlhttps://support.apple.com/HT206168http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.htmlhttp://lists.apple.com/archives/security-announce/2016/Mar/msg00002.htmlhttps://support.apple.com/HT206167http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlhttp://marc.info/?l=bugtraq&m=145382616617563&w=2https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.htmlhttp://www.securityfocus.com/bid/77681http://rhn.redhat.com/errata/RHSA-2016-1089.htmlhttp://lists.opensuse.org/opensuse-updates/2016-01/msg00031.htmlhttp://lists.opensuse.org/opensuse-updates/2015-12/msg00120.htmlhttps://security.gentoo.org/glsa/201701-37http://www.securitytracker.com/id/1034243https://usn.ubuntu.com/2834-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-8242
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook