CVE-2015-8035

Опубликовано: 02 нояб. 2015

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.

Отчет

This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include support for LZMA compression support.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	libxml2	Not affected
Red Hat Enterprise Linux 6	libxml2	Not affected
Red Hat JBoss Enterprise Web Server 2	libxml2	Will not fix
Red Hat Ansible Tower 3.5 for RHEL 7	ansible-tower-35/ansible-tower	Fixed	RHBA-2020:1539	22.04.2020
Red Hat Ansible Tower 3.6 for RHEL 7	ansible-tower-36/ansible-tower	Fixed	RHBA-2020:1540	22.04.2020
Red Hat Enterprise Linux 7	libxml2	Fixed	RHSA-2020:1190	31.03.2020
Red Hat JBoss Web Server 3.0	libxml2	Fixed	RHSA-2016:1089	17.05.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-252

https://bugzilla.redhat.com/show_bug.cgi?id=1277146libxml2: DoS caused by incorrect error detection during XZ decompression

EPSS

Процентиль: 77%

0.01051

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2015-8035

ubuntu

около 10 лет назад

CVE-2015-8035

nvd

около 10 лет назад

CVE-2015-8035

debian

около 10 лет назад

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...

GHSA-cprg-r8c2-9m62

github

больше 3 лет назад

BDU:2015-12119

CVSS3: 7.3

fstec

около 10 лет назад

Уязвимость функции xz_decomp библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 77%

0.01051

Низкий

4.3 Medium

CVSS2