Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-8242

Опубликовано: 15 дек. 2015
Источник: debian
EPSS Низкий

Описание

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libxml2fixed2.9.3+dfsg1-1package
libxml2not-affectedjessiepackage
libxml2not-affectedwheezypackage
libxml2not-affectedsqueezepackage

Примечания

  • https://bugzilla.gnome.org/show_bug.cgi?id=756372

  • Introduced by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/8fb4a770075628d6441fb17a1e435100e2f3b1a2 (v2.9.3)

EPSS

Процентиль: 81%
0.01661
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-8242

ubuntu
почти 10 лет назад

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

redhat логотип

CVE-2015-8242

redhat
около 10 лет назад

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

nvd логотип

CVE-2015-8242

nvd
почти 10 лет назад

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

github логотип

GHSA-f254-qfhg-6649

github
больше 3 лет назад

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

fstec логотип

BDU:2016-01647

fstec
почти 10 лет назад

Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или получить конфиденциальную информацию

EPSS

Процентиль: 81%
0.01661
Низкий