Описание
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libxml2 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | libxml2 | Affected | ||
| Red Hat JBoss Enterprise Web Server 2 | libxml2 | Will not fix | ||
| Red Hat Enterprise Linux 6 | libxml2 | Fixed | RHSA-2015:2549 | 07.12.2015 |
| Red Hat Enterprise Linux 7 | libxml2 | Fixed | RHSA-2015:2550 | 07.12.2015 |
| Red Hat JBoss Web Server 3.0 | libxml2 | Fixed | RHSA-2016:1089 | 17.05.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
Уязвимость библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
4.3 Medium
CVSS2