Описание
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
It was discovered that libxml2 could access out-of-bounds memory when parsing unclosed HTML comments. A remote attacker could provide a specially crafted XML file that, when processed by an application linked against libxml2, could cause the application to disclose heap memory contents.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libxml2 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 2 | libxml2 | Will not fix | ||
| Red Hat Enterprise Linux 6 | libxml2 | Fixed | RHSA-2015:2549 | 07.12.2015 |
| Red Hat Enterprise Linux 7 | libxml2 | Fixed | RHSA-2015:2550 | 07.12.2015 |
| Red Hat JBoss Web Server 3.0 | libxml2 | Fixed | RHSA-2016:1089 | 17.05.2016 |
Показывать по
Дополнительная информация
Статус:
5.8 Medium
CVSS2
Связанные уязвимости
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.
The htmlParseComment function in HTMLparser.c in libxml2 allows attack ...
5.8 Medium
CVSS2