CVE-2015-5312

Severity

71%

Complexity

86%

Confidentiality

115%

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

CVSS 2.0 Base Score 7.1. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:C).

Overview

First reported 9 years ago

2015-12-15 21:59:00

Last updated 5 years ago

2019-03-08 16:06:00

Affected Software

Canonical Ubuntu Linux 12.04 LTS

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 15.04

15.04

Canonical Ubuntu Linux 15.10

15.10

Red Hat Enterprise Linux Desktop 6.0

6.0

RedHat Enterprise Linux HPC Node 6.0

6.0

Red Hat Enterprise Linux Server 6.0

6.0

Red Hat Enterprise Linux Workstation 6.0

6.0

Apple Mac OS X

XMLSoft Libxml2

HP IceWall Federation Agent 3.0

3.0

HP IceWall File Manager 3.0

3.0

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

References

APPLE-SA-2016-03-21-1

APPLE-SA-2016-03-21-2

APPLE-SA-2016-03-21-3

Third Party Advisory

APPLE-SA-2016-03-21-5

Mailing List

openSUSE-SU-2015:2372

openSUSE-SU-2016:0106

HPSBGN03537

Third Party Advisory

RHSA-2015:2549

Third Party Advisory

RHSA-2015:2550

Third Party Advisory

RHSA-2016:1089

DSA-3430

Third Party Advisory

http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

79536

1034243

USN-2834-1

Third Party Advisory

http://xmlsoft.org/news.html

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1276693

Issue Tracking

https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172

Third Party Advisory

GLSA-201701-37

https://support.apple.com/HT206166

Vendor Advisory

https://support.apple.com/HT206167

Vendor Advisory

https://support.apple.com/HT206168

Vendor Advisory

https://support.apple.com/HT206169

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.