Search

Find a vulnerability

Search criteria

    36 vulnerabilities found for icewall_federation_agent by hp

    CVE-2016-9597 (GCVE-0-2016-9597)

    Vulnerability from nvd – Published: 2018-07-30 14:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat libxml2 Affected: all
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98567"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libxml2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "98567",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98567"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9597",
        "datePublished": "2018-07-30T14:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:03.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8945 (GCVE-0-2017-8945)

    Vulnerability from nvd – Published: 2018-02-15 22:00 – Updated: 2024-09-17 00:46
    VLAI
    Summary
    A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.
    Severity
    No CVSS data available.
    CWE
    • Remote Unauthorized Disclosure of Information
    Assigner
    hpe
    References
    URL Tags
    http://www.securityfocus.com/bid/98711 vdb-entryx_refsource_BID
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038570 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-05-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:48:22.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98711"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us"
              },
              {
                "name": "1038570",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038570"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IceWall Federation Agent",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "v3.0"
                }
              ]
            }
          ],
          "datePublic": "2017-05-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Unauthorized Disclosure of Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-16T15:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "name": "98711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98711"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us"
            },
            {
              "name": "1038570",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038570"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-26T00:00:00",
              "ID": "CVE-2017-8945",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IceWall Federation Agent",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Unauthorized Disclosure of Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98711"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us"
                },
                {
                  "name": "1038570",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038570"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-8945",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:53.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6306 (GCVE-0-2016-6306)

    Vulnerability from nvd – Published: 2016-09-26 00:00 – Updated: 2024-08-06 01:29
    VLAI
    Summary
    The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.tenable.com/security/tns-2016-20
    https://access.redhat.com/errata/RHSA-2018:2185 vendor-advisory
    https://access.redhat.com/errata/RHSA-2018:2186 vendor-advisory
    http://www.securityfocus.com/bid/93153 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2016-1940.html vendor-advisory
    https://security.gentoo.org/glsa/201612-16 vendor-advisory
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.securitytracker.com/id/1036885 vdb-entry
    https://www.tenable.com/security/tns-2016-16
    https://www.tenable.com/security/tns-2016-21
    https://bto.bluecoat.com/security-advisory/sa132
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHSA-2018:2187 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://kb.juniper.net/InfoCenter/index?page=conte…
    https://kc.mcafee.com/corporate/index?page=conten…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-1 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-2 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://seclists.org/fulldisclosure/2017/Jul/31 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.debian.org/security/2016/dsa-3673 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://h20566.www2.hpe.com/hpsc/doc/public/displ…
    https://support.f5.com/csp/article/K90492697
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.huawei.com/en/psirt/security-advisorie…
    https://www.oracle.com/security-alerts/cpuapr2020.html
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/security-alerts/cpujul2020.html
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/topics/security…
    http://www-01.ibm.com/support/docview.wss?uid=swg…
    https://nodejs.org/en/blog/vulnerability/septembe…
    http://www.oracle.com/technetwork/topics/security…
    https://www.openssl.org/news/secadv/20160922.txt
    https://git.openssl.org/?p=openssl.git%3Ba=commit…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://www.arista.com/en/support/advisories-noti…
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:29:18.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-20"
              },
              {
                "name": "RHSA-2018:2185",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2185"
              },
              {
                "name": "RHSA-2018:2186",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2186"
              },
              {
                "name": "93153",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93153"
              },
              {
                "name": "RHSA-2016:1940",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
              },
              {
                "name": "GLSA-201612-16",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201612-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "name": "1036885",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036885"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa132"
              },
              {
                "name": "FreeBSD-SA-16:26",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
              },
              {
                "name": "SUSE-SU-2016:2470",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
              },
              {
                "name": "RHSA-2018:2187",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2187"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
              },
              {
                "name": "SUSE-SU-2017:2700",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
              },
              {
                "name": "USN-3087-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-1"
              },
              {
                "name": "SUSE-SU-2016:2469",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
              },
              {
                "name": "openSUSE-SU-2016:2537",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
              },
              {
                "name": "USN-3087-2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-2"
              },
              {
                "name": "SUSE-SU-2017:2699",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
              },
              {
                "name": "openSUSE-SU-2016:2407",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
              },
              {
                "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
              },
              {
                "name": "SUSE-SU-2016:2458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "name": "DSA-3673",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3673"
              },
              {
                "name": "openSUSE-SU-2016:2391",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
              },
              {
                "name": "openSUSE-SU-2018:0458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
              },
              {
                "name": "SUSE-SU-2016:2387",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K90492697"
              },
              {
                "name": "SUSE-SU-2016:2468",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
              },
              {
                "name": "openSUSE-SU-2016:2496",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
              },
              {
                "name": "SUSE-SU-2016:2394",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20160922.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2016-20"
            },
            {
              "name": "RHSA-2018:2185",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "93153",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/93153"
            },
            {
              "name": "RHSA-2016:1940",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
            },
            {
              "name": "GLSA-201612-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201612-16"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "1036885",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1036885"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-16"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-21"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa132"
            },
            {
              "name": "FreeBSD-SA-16:26",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
            },
            {
              "name": "SUSE-SU-2016:2470",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
            },
            {
              "name": "RHSA-2018:2187",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
            },
            {
              "name": "SUSE-SU-2017:2700",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
            },
            {
              "name": "USN-3087-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-1"
            },
            {
              "name": "SUSE-SU-2016:2469",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:2537",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
            },
            {
              "name": "USN-3087-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-2"
            },
            {
              "name": "SUSE-SU-2017:2699",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2016:2407",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
            },
            {
              "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
            },
            {
              "name": "SUSE-SU-2016:2458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "DSA-3673",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3673"
            },
            {
              "name": "openSUSE-SU-2016:2391",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2018:0458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
            },
            {
              "name": "SUSE-SU-2016:2387",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
            },
            {
              "url": "https://support.f5.com/csp/article/K90492697"
            },
            {
              "name": "SUSE-SU-2016:2468",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
            },
            {
              "name": "openSUSE-SU-2016:2496",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:2394",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
            },
            {
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "url": "https://www.openssl.org/news/secadv/20160922.txt"
            },
            {
              "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-6306",
        "datePublished": "2016-09-26T00:00:00.000Z",
        "dateReserved": "2016-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:29:18.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2182 (GCVE-0-2016-2182)

    Vulnerability from nvd – Published: 2016-09-16 00:00 – Updated: 2024-08-05 23:17
    VLAI
    Summary
    The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036688 vdb-entry
    https://www.tenable.com/security/tns-2016-20
    https://access.redhat.com/errata/RHSA-2018:2185 vendor-advisory
    https://access.redhat.com/errata/RHSA-2018:2186 vendor-advisory
    http://www.splunk.com/view/SP-CAAAPUE
    http://www.oracle.com/technetwork/security-adviso…
    http://www.securityfocus.com/bid/92557 vdb-entry
    https://source.android.com/security/bulletin/2017-03-01
    http://www.securitytracker.com/id/1037968 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2016-1940.html vendor-advisory
    http://www.oracle.com/technetwork/topics/security…
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.splunk.com/view/SP-CAAAPSV
    http://www-01.ibm.com/support/docview.wss?uid=swg…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.tenable.com/security/tns-2016-16
    https://www.tenable.com/security/tns-2016-21
    https://kc.mcafee.com/corporate/index?page=conten…
    http://www.oracle.com/technetwork/security-adviso…
    https://git.openssl.org/?p=openssl.git%3Ba=commit…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/topics/security…
    https://bto.bluecoat.com/security-advisory/sa132
    http://www.oracle.com/technetwork/security-adviso…
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory
    https://source.android.com/security/bulletin/2017…
    https://access.redhat.com/errata/RHSA-2018:2187 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://kb.juniper.net/InfoCenter/index?page=conte…
    https://kc.mcafee.com/corporate/index?page=conten…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-1 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-2 vendor-advisory
    https://support.f5.com/csp/article/K01276005
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://seclists.org/fulldisclosure/2017/Jul/31 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.debian.org/security/2016/dsa-3673 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://h20566.www2.hpe.com/hpsc/doc/public/displ…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.huawei.com/en/psirt/security-advisorie…
    https://www.arista.com/en/support/advisories-noti…
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-08-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:17:50.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036688",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036688"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-20"
              },
              {
                "name": "RHSA-2018:2185",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2185"
              },
              {
                "name": "RHSA-2018:2186",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2186"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.splunk.com/view/SP-CAAAPUE"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "92557",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92557"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-03-01"
              },
              {
                "name": "1037968",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037968"
              },
              {
                "name": "RHSA-2016:1940",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.splunk.com/view/SP-CAAAPSV"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa132"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              },
              {
                "name": "FreeBSD-SA-16:26",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-03-01.html"
              },
              {
                "name": "RHSA-2018:2187",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2187"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
              },
              {
                "name": "SUSE-SU-2017:2700",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
              },
              {
                "name": "USN-3087-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-1"
              },
              {
                "name": "SUSE-SU-2016:2469",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
              },
              {
                "name": "openSUSE-SU-2016:2537",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
              },
              {
                "name": "USN-3087-2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K01276005"
              },
              {
                "name": "SUSE-SU-2017:2699",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
              },
              {
                "name": "openSUSE-SU-2016:2407",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
              },
              {
                "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
              },
              {
                "name": "SUSE-SU-2016:2458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "name": "DSA-3673",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3673"
              },
              {
                "name": "openSUSE-SU-2016:2391",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
              },
              {
                "name": "openSUSE-SU-2018:0458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
              },
              {
                "name": "SUSE-SU-2016:2387",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
              },
              {
                "name": "SUSE-SU-2016:2468",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
              },
              {
                "name": "SUSE-SU-2016:2394",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-08-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "1036688",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1036688"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-20"
            },
            {
              "name": "RHSA-2018:2185",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "url": "http://www.splunk.com/view/SP-CAAAPUE"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "92557",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/92557"
            },
            {
              "url": "https://source.android.com/security/bulletin/2017-03-01"
            },
            {
              "name": "1037968",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037968"
            },
            {
              "name": "RHSA-2016:1940",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "url": "http://www.splunk.com/view/SP-CAAAPSV"
            },
            {
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-16"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-21"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa132"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "FreeBSD-SA-16:26",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
            },
            {
              "url": "https://source.android.com/security/bulletin/2017-03-01.html"
            },
            {
              "name": "RHSA-2018:2187",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
            },
            {
              "name": "SUSE-SU-2017:2700",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
            },
            {
              "name": "USN-3087-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-1"
            },
            {
              "name": "SUSE-SU-2016:2469",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:2537",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
            },
            {
              "name": "USN-3087-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-2"
            },
            {
              "url": "https://support.f5.com/csp/article/K01276005"
            },
            {
              "name": "SUSE-SU-2017:2699",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2016:2407",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
            },
            {
              "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
            },
            {
              "name": "SUSE-SU-2016:2458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "DSA-3673",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3673"
            },
            {
              "name": "openSUSE-SU-2016:2391",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2018:0458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
            },
            {
              "name": "SUSE-SU-2016:2387",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
            },
            {
              "name": "SUSE-SU-2016:2468",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
            },
            {
              "name": "SUSE-SU-2016:2394",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
            },
            {
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
            },
            {
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-2182",
        "datePublished": "2016-09-16T00:00:00.000Z",
        "dateReserved": "2016-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:17:50.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4448 (GCVE-0-2016-4448)

    Vulnerability from nvd – Published: 2016-06-09 16:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://www.slackware.com/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    https://access.redhat.com/errata/RHSA-2016:1292 vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2016/05/25/2 mailing-listx_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/90856 vdb-entryx_refsource_BID
    https://git.gnome.org/browse/libxml2/commit/?id=4… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://bugzilla.redhat.com/show_bug.cgi?id=1338700 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://www.tenable.com/security/tns-2016-18 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2957.html vendor-advisoryx_refsource_REDHAT
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036348 vdb-entryx_refsource_SECTRACK
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=5… x_refsource_CONFIRM
    Date Public
    2016-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:24.779Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "SSA:2016-148-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160525 3 libxml2 issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "90856",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90856"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338700"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "name": "1036348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "SSA:2016-148-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160525 3 libxml2 issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "90856",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90856"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338700"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "1036348",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4448",
        "datePublished": "2016-06-09T16:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:24.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4447 (GCVE-0-2016-4447)

    Vulnerability from nvd – Published: 2016-06-09 16:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://www.slackware.com/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.securityfocus.com/bid/90864 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2016:1292 vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2016/05/25/2 mailing-listx_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://www.debian.org/security/2016/dsa-3593 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2994-1 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=0… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://www.tenable.com/security/tns-2016-18 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2957.html vendor-advisoryx_refsource_REDHAT
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036348 vdb-entryx_refsource_SECTRACK
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    Date Public
    2016-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "SSA:2016-148-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
              },
              {
                "name": "90864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90864"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160525 3 libxml2 issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "name": "1036348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "SSA:2016-148-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
            },
            {
              "name": "90864",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90864"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160525 3 libxml2 issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "1036348",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4447",
        "datePublished": "2016-06-09T16:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3705 (GCVE-0-2016-3705)

    Vulnerability from nvd – Published: 2016-05-17 14:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
              },
              {
                "name": "89854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/89854"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
            },
            {
              "name": "89854",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/89854"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3705",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3627 (GCVE-0-2016-3627)

    Vulnerability from nvd – Published: 2016-05-17 14:00 – Updated: 2025-12-04 17:11
    VLAI
    Summary
    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-674 - Uncontrolled Recursion
    Assigner
    Date Public
    2016-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "1035335",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035335"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "84992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:39:17.273628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-674",
                    "description": "CWE-674 Uncontrolled Recursion",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T17:11:28.323Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "1035335",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035335"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "84992",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/May/10"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
                },
                {
                  "name": "openSUSE-SU-2016:1446",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
                },
                {
                  "name": "openSUSE-SU-2016:1298",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
                },
                {
                  "name": "RHSA-2016:1292",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1292"
                },
                {
                  "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "DSA-3593",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2016/dsa-3593"
                },
                {
                  "name": "1035335",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035335"
                },
                {
                  "name": "USN-2994-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2994-1"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
                },
                {
                  "name": "84992",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84992"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2016-18",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2016-18"
                },
                {
                  "name": "RHSA-2016:2957",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3627",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-21T00:00:00.000Z",
        "dateUpdated": "2025-12-04T17:11:28.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-8317 (GCVE-0-2015-8317)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=1281930 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=751603 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=9… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/91826 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://blog.fuzzing-project.org/28-Libxml2-Sever… x_refsource_MISC
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://git.gnome.org/browse/libxml2/commit/?id=7… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/77681 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/11/22/3 mailing-listx_refsource_MLIST
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/11/21/1 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=751631 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "91826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91826"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
              },
              {
                "name": "77681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77681"
              },
              {
                "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "91826",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91826"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
            },
            {
              "name": "77681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77681"
            },
            {
              "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "APPLE-SA-2016-07-18-4",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
                },
                {
                  "name": "https://support.apple.com/HT206901",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206901"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751603",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "91826",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91826"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "APPLE-SA-2016-07-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-6",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html",
                  "refsource": "MISC",
                  "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
                },
                {
                  "name": "77681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77681"
                },
                {
                  "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://support.apple.com/HT206905",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206905"
                },
                {
                  "name": "https://support.apple.com/HT206903",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206903"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751631",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
                },
                {
                  "name": "https://support.apple.com/HT206902",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206902"
                },
                {
                  "name": "https://support.apple.com/HT206904",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206904"
                },
                {
                  "name": "https://support.apple.com/HT206899",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8317",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8242 (GCVE-0-2015-8242)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2015/11/17/5 mailing-listx_refsource_MLIST
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=8… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1281950 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/1… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=756372 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/77681 vdb-entryx_refsource_BID
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:31.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "77681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "name": "[oss-security] 20151118 Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "77681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-5",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
                },
                {
                  "name": "https://support.apple.com/HT206167",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206167"
                },
                {
                  "name": "https://support.apple.com/HT206168",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206168"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
                },
                {
                  "name": "APPLE-SA-2016-03-21-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
                },
                {
                  "name": "http://xmlsoft.org/news.html",
                  "refsource": "CONFIRM",
                  "url": "http://xmlsoft.org/news.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756372",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "77681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77681"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
                },
                {
                  "name": "https://support.apple.com/HT206169",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206169"
                },
                {
                  "name": "https://support.apple.com/HT206166",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206166"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8242",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:31.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8241 (GCVE-0-2015-8241)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "77621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77621"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "name": "[oss-security] 20151118 Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "77621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77621"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "77621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77621"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756263",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8241",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7500 (GCVE-0-2015-7500)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=f… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1281943 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/79562 vdb-entryx_refsource_BID
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "79562",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79562"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "79562",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79562"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7500",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7499 (GCVE-0-2015-7499)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=3… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://git.gnome.org/browse/libxml2/commit/?id=2… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1281925 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/bid/79509 vdb-entryx_refsource_BID
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "name": "79509",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79509"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "name": "79509",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79509"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7499",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7498 (GCVE-0-2015-7498)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "79548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79548"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "79548",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79548"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7498",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7497 (GCVE-0-2015-7497)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "79508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79508"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "79508",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79508"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7497",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5312 (GCVE-0-2015-5312)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    https://git.gnome.org/browse/libxml2/commit/?id=6… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1276693 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/79536 vdb-entryx_refsource_BID
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:09.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              },
              {
                "name": "79536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            },
            {
              "name": "79536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79536"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5312",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:09.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9597 (GCVE-0-2016-9597)

    Vulnerability from cvelistv5 – Published: 2018-07-30 14:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat libxml2 Affected: all
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98567"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libxml2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "98567",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98567"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9597",
        "datePublished": "2018-07-30T14:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:03.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-8945 (GCVE-0-2017-8945)

    Vulnerability from cvelistv5 – Published: 2018-02-15 22:00 – Updated: 2024-09-17 00:46
    VLAI
    Summary
    A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found.
    Severity
    No CVSS data available.
    CWE
    • Remote Unauthorized Disclosure of Information
    Assigner
    hpe
    References
    URL Tags
    http://www.securityfocus.com/bid/98711 vdb-entryx_refsource_BID
    https://support.hpe.com/hpsc/doc/public/display?d… x_refsource_CONFIRM
    http://www.securitytracker.com/id/1038570 vdb-entryx_refsource_SECTRACK
    Impacted products
    Date Public
    2017-05-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T16:48:22.952Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98711",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98711"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us"
              },
              {
                "name": "1038570",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038570"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "IceWall Federation Agent",
              "vendor": "Hewlett Packard Enterprise",
              "versions": [
                {
                  "status": "affected",
                  "version": "v3.0"
                }
              ]
            }
          ],
          "datePublic": "2017-05-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Unauthorized Disclosure of Information",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-02-16T15:57:01.000Z",
            "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
            "shortName": "hpe"
          },
          "references": [
            {
              "name": "98711",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98711"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us"
            },
            {
              "name": "1038570",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038570"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security-alert@hpe.com",
              "DATE_PUBLIC": "2017-05-26T00:00:00",
              "ID": "CVE-2017-8945",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "IceWall Federation Agent",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "v3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Hewlett Packard Enterprise"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Remote Unauthorized Disclosure of Information vulnerability in HPE IceWall Federation Agent version 3.0 was found."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Unauthorized Disclosure of Information"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "98711",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98711"
                },
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbgn03737en_us"
                },
                {
                  "name": "1038570",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038570"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "assignerShortName": "hpe",
        "cveId": "CVE-2017-8945",
        "datePublished": "2018-02-15T22:00:00.000Z",
        "dateReserved": "2017-05-15T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:46:53.218Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-6306 (GCVE-0-2016-6306)

    Vulnerability from cvelistv5 – Published: 2016-09-26 00:00 – Updated: 2024-08-06 01:29
    VLAI
    Summary
    The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://www.tenable.com/security/tns-2016-20
    https://access.redhat.com/errata/RHSA-2018:2185 vendor-advisory
    https://access.redhat.com/errata/RHSA-2018:2186 vendor-advisory
    http://www.securityfocus.com/bid/93153 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2016-1940.html vendor-advisory
    https://security.gentoo.org/glsa/201612-16 vendor-advisory
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.securitytracker.com/id/1036885 vdb-entry
    https://www.tenable.com/security/tns-2016-16
    https://www.tenable.com/security/tns-2016-21
    https://bto.bluecoat.com/security-advisory/sa132
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://access.redhat.com/errata/RHSA-2018:2187 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://kb.juniper.net/InfoCenter/index?page=conte…
    https://kc.mcafee.com/corporate/index?page=conten…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-1 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-2 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://seclists.org/fulldisclosure/2017/Jul/31 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.debian.org/security/2016/dsa-3673 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://h20566.www2.hpe.com/hpsc/doc/public/displ…
    https://support.f5.com/csp/article/K90492697
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.huawei.com/en/psirt/security-advisorie…
    https://www.oracle.com/security-alerts/cpuapr2020.html
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/security-alerts/cpujul2020.html
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/technetwork/security-advis…
    https://www.oracle.com/security-alerts/cpujan2020.html
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/topics/security…
    http://www-01.ibm.com/support/docview.wss?uid=swg…
    https://nodejs.org/en/blog/vulnerability/septembe…
    http://www.oracle.com/technetwork/topics/security…
    https://www.openssl.org/news/secadv/20160922.txt
    https://git.openssl.org/?p=openssl.git%3Ba=commit…
    https://www.oracle.com/security-alerts/cpuoct2020.html
    https://www.arista.com/en/support/advisories-noti…
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-09-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:29:18.287Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-20"
              },
              {
                "name": "RHSA-2018:2185",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2185"
              },
              {
                "name": "RHSA-2018:2186",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2186"
              },
              {
                "name": "93153",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/93153"
              },
              {
                "name": "RHSA-2016:1940",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
              },
              {
                "name": "GLSA-201612-16",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201612-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "name": "1036885",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036885"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa132"
              },
              {
                "name": "FreeBSD-SA-16:26",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
              },
              {
                "name": "SUSE-SU-2016:2470",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
              },
              {
                "name": "RHSA-2018:2187",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2187"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
              },
              {
                "name": "SUSE-SU-2017:2700",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
              },
              {
                "name": "USN-3087-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-1"
              },
              {
                "name": "SUSE-SU-2016:2469",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
              },
              {
                "name": "openSUSE-SU-2016:2537",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
              },
              {
                "name": "USN-3087-2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-2"
              },
              {
                "name": "SUSE-SU-2017:2699",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
              },
              {
                "name": "openSUSE-SU-2016:2407",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
              },
              {
                "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
              },
              {
                "name": "SUSE-SU-2016:2458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "name": "DSA-3673",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3673"
              },
              {
                "name": "openSUSE-SU-2016:2391",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
              },
              {
                "name": "openSUSE-SU-2018:0458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
              },
              {
                "name": "SUSE-SU-2016:2387",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K90492697"
              },
              {
                "name": "SUSE-SU-2016:2468",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
              },
              {
                "name": "openSUSE-SU-2016:2496",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
              },
              {
                "name": "SUSE-SU-2016:2394",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.openssl.org/news/secadv/20160922.txt"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "url": "https://www.tenable.com/security/tns-2016-20"
            },
            {
              "name": "RHSA-2018:2185",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "93153",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/93153"
            },
            {
              "name": "RHSA-2016:1940",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
            },
            {
              "name": "GLSA-201612-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/201612-16"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "1036885",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1036885"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-16"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-21"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa132"
            },
            {
              "name": "FreeBSD-SA-16:26",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
            },
            {
              "name": "SUSE-SU-2016:2470",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html"
            },
            {
              "name": "RHSA-2018:2187",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
            },
            {
              "name": "SUSE-SU-2017:2700",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
            },
            {
              "name": "USN-3087-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-1"
            },
            {
              "name": "SUSE-SU-2016:2469",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:2537",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
            },
            {
              "name": "USN-3087-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-2"
            },
            {
              "name": "SUSE-SU-2017:2699",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2016:2407",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
            },
            {
              "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
            },
            {
              "name": "SUSE-SU-2016:2458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "DSA-3673",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3673"
            },
            {
              "name": "openSUSE-SU-2016:2391",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2018:0458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
            },
            {
              "name": "SUSE-SU-2016:2387",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
            },
            {
              "url": "https://support.f5.com/csp/article/K90492697"
            },
            {
              "name": "SUSE-SU-2016:2468",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
            },
            {
              "name": "openSUSE-SU-2016:2496",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00021.html"
            },
            {
              "name": "SUSE-SU-2016:2394",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
            },
            {
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "url": "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "url": "https://www.openssl.org/news/secadv/20160922.txt"
            },
            {
              "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=52e623c4cb06fffa9d5e75c60b34b4bc130b12e9"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-6306",
        "datePublished": "2016-09-26T00:00:00.000Z",
        "dateReserved": "2016-07-26T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:29:18.287Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-2182 (GCVE-0-2016-2182)

    Vulnerability from cvelistv5 – Published: 2016-09-16 00:00 – Updated: 2024-08-05 23:17
    VLAI
    Summary
    The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securitytracker.com/id/1036688 vdb-entry
    https://www.tenable.com/security/tns-2016-20
    https://access.redhat.com/errata/RHSA-2018:2185 vendor-advisory
    https://access.redhat.com/errata/RHSA-2018:2186 vendor-advisory
    http://www.splunk.com/view/SP-CAAAPUE
    http://www.oracle.com/technetwork/security-adviso…
    http://www.securityfocus.com/bid/92557 vdb-entry
    https://source.android.com/security/bulletin/2017-03-01
    http://www.securitytracker.com/id/1037968 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2016-1940.html vendor-advisory
    http://www.oracle.com/technetwork/topics/security…
    https://kb.pulsesecure.net/articles/Pulse_Securit…
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.splunk.com/view/SP-CAAAPSV
    http://www-01.ibm.com/support/docview.wss?uid=swg…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.tenable.com/security/tns-2016-16
    https://www.tenable.com/security/tns-2016-21
    https://kc.mcafee.com/corporate/index?page=conten…
    http://www.oracle.com/technetwork/security-adviso…
    https://git.openssl.org/?p=openssl.git%3Ba=commit…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/topics/security…
    https://bto.bluecoat.com/security-advisory/sa132
    http://www.oracle.com/technetwork/security-adviso…
    https://security.FreeBSD.org/advisories/FreeBSD-S… vendor-advisory
    https://source.android.com/security/bulletin/2017…
    https://access.redhat.com/errata/RHSA-2018:2187 vendor-advisory
    https://h20566.www2.hpe.com/portal/site/hpsc/publ…
    http://kb.juniper.net/InfoCenter/index?page=conte…
    https://kc.mcafee.com/corporate/index?page=conten…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-1 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.ubuntu.com/usn/USN-3087-2 vendor-advisory
    https://support.f5.com/csp/article/K01276005
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://seclists.org/fulldisclosure/2017/Jul/31 mailing-list
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://support.hpe.com/hpsc/doc/public/display?d…
    http://www.debian.org/security/2016/dsa-3673 vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    https://h20566.www2.hpe.com/hpsc/doc/public/displ…
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://lists.opensuse.org/opensuse-security-annou… vendor-advisory
    http://www.huawei.com/en/psirt/security-advisorie…
    https://www.arista.com/en/support/advisories-noti…
    https://cert-portal.siemens.com/productcert/pdf/s…
    Date Public
    2016-08-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T23:17:50.604Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1036688",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036688"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-20"
              },
              {
                "name": "RHSA-2018:2185",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2185"
              },
              {
                "name": "RHSA-2018:2186",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2186"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.splunk.com/view/SP-CAAAPUE"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "92557",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/92557"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-03-01"
              },
              {
                "name": "1037968",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037968"
              },
              {
                "name": "RHSA-2016:1940",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.splunk.com/view/SP-CAAAPSV"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-16"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-21"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bto.bluecoat.com/security-advisory/sa132"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
              },
              {
                "name": "FreeBSD-SA-16:26",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://source.android.com/security/bulletin/2017-03-01.html"
              },
              {
                "name": "RHSA-2018:2187",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2018:2187"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
              },
              {
                "name": "SUSE-SU-2017:2700",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
              },
              {
                "name": "USN-3087-1",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-1"
              },
              {
                "name": "SUSE-SU-2016:2469",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
              },
              {
                "name": "openSUSE-SU-2016:2537",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
              },
              {
                "name": "USN-3087-2",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-3087-2"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.f5.com/csp/article/K01276005"
              },
              {
                "name": "SUSE-SU-2017:2699",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
              },
              {
                "name": "openSUSE-SU-2016:2407",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
              },
              {
                "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
              },
              {
                "name": "SUSE-SU-2016:2458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
              },
              {
                "name": "DSA-3673",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2016/dsa-3673"
              },
              {
                "name": "openSUSE-SU-2016:2391",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
              },
              {
                "name": "openSUSE-SU-2018:0458",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
              },
              {
                "name": "SUSE-SU-2016:2387",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
              },
              {
                "name": "SUSE-SU-2016:2468",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
              },
              {
                "name": "SUSE-SU-2016:2394",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-08-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, which allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-12-13T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "1036688",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1036688"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-20"
            },
            {
              "name": "RHSA-2018:2185",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "url": "http://www.splunk.com/view/SP-CAAAPUE"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "92557",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/92557"
            },
            {
              "url": "https://source.android.com/security/bulletin/2017-03-01"
            },
            {
              "name": "1037968",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037968"
            },
            {
              "name": "RHSA-2016:1940",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1940.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
            },
            {
              "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "url": "http://www.splunk.com/view/SP-CAAAPSV"
            },
            {
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21995039"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-16"
            },
            {
              "url": "https://www.tenable.com/security/tns-2016-21"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10171"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=07bed46f332fce8c1d157689a2cdf915a982ae34"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html"
            },
            {
              "url": "https://bto.bluecoat.com/security-advisory/sa132"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "FreeBSD-SA-16:26",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-16:26.openssl.asc"
            },
            {
              "url": "https://source.android.com/security/bulletin/2017-03-01.html"
            },
            {
              "name": "RHSA-2018:2187",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448"
            },
            {
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10759"
            },
            {
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10215"
            },
            {
              "name": "SUSE-SU-2017:2700",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00011.html"
            },
            {
              "name": "USN-3087-1",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-1"
            },
            {
              "name": "SUSE-SU-2016:2469",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00012.html"
            },
            {
              "name": "openSUSE-SU-2016:2537",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00029.html"
            },
            {
              "name": "USN-3087-2",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-3087-2"
            },
            {
              "url": "https://support.f5.com/csp/article/K01276005"
            },
            {
              "name": "SUSE-SU-2017:2699",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00010.html"
            },
            {
              "name": "openSUSE-SU-2016:2407",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00031.html"
            },
            {
              "name": "20170717 Orion Elite Hidden IP Browser Pro - All Versions - Multiple Known Vulnerabilities",
              "tags": [
                "mailing-list"
              ],
              "url": "http://seclists.org/fulldisclosure/2017/Jul/31"
            },
            {
              "name": "SUSE-SU-2016:2458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00005.html"
            },
            {
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en\u0026docId=emr_na-hpesbhf03856en_us"
            },
            {
              "name": "DSA-3673",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://www.debian.org/security/2016/dsa-3673"
            },
            {
              "name": "openSUSE-SU-2016:2391",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00023.html"
            },
            {
              "name": "openSUSE-SU-2018:0458",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00032.html"
            },
            {
              "name": "SUSE-SU-2016:2387",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00022.html"
            },
            {
              "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c05302448"
            },
            {
              "name": "SUSE-SU-2016:2468",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00011.html"
            },
            {
              "name": "SUSE-SU-2016:2394",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2016-09/msg00024.html"
            },
            {
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170322-01-openssl-en"
            },
            {
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1749-security-advisory-24"
            },
            {
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-2182",
        "datePublished": "2016-09-16T00:00:00.000Z",
        "dateReserved": "2016-01-29T00:00:00.000Z",
        "dateUpdated": "2024-08-05T23:17:50.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4447 (GCVE-0-2016-4447)

    Vulnerability from cvelistv5 – Published: 2016-06-09 16:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://www.slackware.com/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    http://www.securityfocus.com/bid/90864 vdb-entryx_refsource_BID
    https://access.redhat.com/errata/RHSA-2016:1292 vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2016/05/25/2 mailing-listx_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://www.debian.org/security/2016/dsa-3593 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://www.ubuntu.com/usn/USN-2994-1 vendor-advisoryx_refsource_UBUNTU
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=0… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://www.tenable.com/security/tns-2016-18 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2957.html vendor-advisoryx_refsource_REDHAT
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036348 vdb-entryx_refsource_SECTRACK
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    Date Public
    2016-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:25.110Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "SSA:2016-148-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
              },
              {
                "name": "90864",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90864"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160525 3 libxml2 issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "name": "1036348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denial of service (heap-based buffer underread and application crash) via a crafted file, involving xmlParseName."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "SSA:2016-148-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
            },
            {
              "name": "90864",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90864"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160525 3 libxml2 issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "1036348",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4447",
        "datePublished": "2016-06-09T16:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:25.110Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-4448 (GCVE-0-2016-4448)

    Vulnerability from cvelistv5 – Published: 2016-06-09 16:00 – Updated: 2024-08-06 00:32
    VLAI
    Summary
    Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://kc.mcafee.com/corporate/index?page=conten… x_refsource_CONFIRM
    http://www.slackware.com/security/viewer.php?l=sl… vendor-advisoryx_refsource_SLACKWARE
    https://access.redhat.com/errata/RHSA-2016:1292 vendor-advisoryx_refsource_REDHAT
    http://www.openwall.com/lists/oss-security/2016/05/25/2 mailing-listx_refsource_MLIST
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/90856 vdb-entryx_refsource_BID
    https://git.gnome.org/browse/libxml2/commit/?id=4… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://bugzilla.redhat.com/show_bug.cgi?id=1338700 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://www.tenable.com/security/tns-2016-18 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-2957.html vendor-advisoryx_refsource_REDHAT
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1036348 vdb-entryx_refsource_SECTRACK
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=5… x_refsource_CONFIRM
    Date Public
    2016-05-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:32:24.779Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "SSA:2016-148-01",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SLACKWARE",
                  "x_transferred"
                ],
                "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160525 3 libxml2 issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "90856",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/90856"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338700"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "name": "1036348",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1036348"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "SSA:2016-148-01",
              "tags": [
                "vendor-advisory",
                "x_refsource_SLACKWARE"
              ],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.404722"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160525 3 libxml2 issues",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/05/25/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "90856",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/90856"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1338700"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "name": "1036348",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1036348"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-4448",
        "datePublished": "2016-06-09T16:00:00.000Z",
        "dateReserved": "2016-05-02T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:32:24.779Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3705 (GCVE-0-2016-3705)

    Vulnerability from cvelistv5 – Published: 2016-05-17 14:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
              },
              {
                "name": "89854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/89854"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
            },
            {
              "name": "89854",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/89854"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3705",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3627 (GCVE-0-2016-3627)

    Vulnerability from cvelistv5 – Published: 2016-05-17 14:00 – Updated: 2025-12-04 17:11
    VLAI
    Summary
    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-674 - Uncontrolled Recursion
    Assigner
    Date Public
    2016-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "1035335",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035335"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "84992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:39:17.273628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-674",
                    "description": "CWE-674 Uncontrolled Recursion",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T17:11:28.323Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "1035335",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035335"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "84992",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/May/10"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
                },
                {
                  "name": "openSUSE-SU-2016:1446",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
                },
                {
                  "name": "openSUSE-SU-2016:1298",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
                },
                {
                  "name": "RHSA-2016:1292",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1292"
                },
                {
                  "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "DSA-3593",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2016/dsa-3593"
                },
                {
                  "name": "1035335",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035335"
                },
                {
                  "name": "USN-2994-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2994-1"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
                },
                {
                  "name": "84992",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84992"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2016-18",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2016-18"
                },
                {
                  "name": "RHSA-2016:2957",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3627",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-21T00:00:00.000Z",
        "dateUpdated": "2025-12-04T17:11:28.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-7497 (GCVE-0-2015-7497)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "79508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79508"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "79508",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79508"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7497",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7499 (GCVE-0-2015-7499)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=3… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://git.gnome.org/browse/libxml2/commit/?id=2… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1281925 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/bid/79509 vdb-entryx_refsource_BID
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "name": "79509",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79509"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "name": "79509",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79509"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7499",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5312 (GCVE-0-2015-5312)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    https://git.gnome.org/browse/libxml2/commit/?id=6… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1276693 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/79536 vdb-entryx_refsource_BID
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:09.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              },
              {
                "name": "79536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            },
            {
              "name": "79536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79536"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5312",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:09.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7500 (GCVE-0-2015-7500)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=f… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1281943 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/79562 vdb-entryx_refsource_BID
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "79562",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79562"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "79562",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79562"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7500",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8317 (GCVE-0-2015-8317)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=1281930 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=751603 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=9… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/91826 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://blog.fuzzing-project.org/28-Libxml2-Sever… x_refsource_MISC
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://git.gnome.org/browse/libxml2/commit/?id=7… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/77681 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/11/22/3 mailing-listx_refsource_MLIST
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/11/21/1 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=751631 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "91826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91826"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
              },
              {
                "name": "77681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77681"
              },
              {
                "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "91826",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91826"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
            },
            {
              "name": "77681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77681"
            },
            {
              "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "APPLE-SA-2016-07-18-4",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
                },
                {
                  "name": "https://support.apple.com/HT206901",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206901"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751603",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "91826",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91826"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "APPLE-SA-2016-07-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-6",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html",
                  "refsource": "MISC",
                  "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
                },
                {
                  "name": "77681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77681"
                },
                {
                  "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://support.apple.com/HT206905",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206905"
                },
                {
                  "name": "https://support.apple.com/HT206903",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206903"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751631",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
                },
                {
                  "name": "https://support.apple.com/HT206902",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206902"
                },
                {
                  "name": "https://support.apple.com/HT206904",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206904"
                },
                {
                  "name": "https://support.apple.com/HT206899",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8317",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8241 (GCVE-0-2015-8241)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "77621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77621"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "name": "[oss-security] 20151118 Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "77621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77621"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "77621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77621"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756263",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8241",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }