Search

Find a vulnerability

Search criteria

    28 vulnerabilities found for icewall_file_manager by hp

    CVE-2016-9597 (GCVE-0-2016-9597)

    Vulnerability from nvd – Published: 2018-07-30 14:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat libxml2 Affected: all
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98567"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libxml2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "98567",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98567"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9597",
        "datePublished": "2018-07-30T14:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:03.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3705 (GCVE-0-2016-3705)

    Vulnerability from nvd – Published: 2016-05-17 14:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
              },
              {
                "name": "89854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/89854"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
            },
            {
              "name": "89854",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/89854"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3705",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3627 (GCVE-0-2016-3627)

    Vulnerability from nvd – Published: 2016-05-17 14:00 – Updated: 2025-12-04 17:11
    VLAI
    Summary
    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-674 - Uncontrolled Recursion
    Assigner
    Date Public
    2016-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "1035335",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035335"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "84992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:39:17.273628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-674",
                    "description": "CWE-674 Uncontrolled Recursion",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T17:11:28.323Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "1035335",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035335"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "84992",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/May/10"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
                },
                {
                  "name": "openSUSE-SU-2016:1446",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
                },
                {
                  "name": "openSUSE-SU-2016:1298",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
                },
                {
                  "name": "RHSA-2016:1292",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1292"
                },
                {
                  "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "DSA-3593",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2016/dsa-3593"
                },
                {
                  "name": "1035335",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035335"
                },
                {
                  "name": "USN-2994-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2994-1"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
                },
                {
                  "name": "84992",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84992"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2016-18",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2016-18"
                },
                {
                  "name": "RHSA-2016:2957",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3627",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-21T00:00:00.000Z",
        "dateUpdated": "2025-12-04T17:11:28.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-8317 (GCVE-0-2015-8317)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=1281930 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=751603 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=9… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/91826 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://blog.fuzzing-project.org/28-Libxml2-Sever… x_refsource_MISC
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://git.gnome.org/browse/libxml2/commit/?id=7… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/77681 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/11/22/3 mailing-listx_refsource_MLIST
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/11/21/1 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=751631 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "91826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91826"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
              },
              {
                "name": "77681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77681"
              },
              {
                "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "91826",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91826"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
            },
            {
              "name": "77681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77681"
            },
            {
              "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "APPLE-SA-2016-07-18-4",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
                },
                {
                  "name": "https://support.apple.com/HT206901",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206901"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751603",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "91826",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91826"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "APPLE-SA-2016-07-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-6",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html",
                  "refsource": "MISC",
                  "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
                },
                {
                  "name": "77681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77681"
                },
                {
                  "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://support.apple.com/HT206905",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206905"
                },
                {
                  "name": "https://support.apple.com/HT206903",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206903"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751631",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
                },
                {
                  "name": "https://support.apple.com/HT206902",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206902"
                },
                {
                  "name": "https://support.apple.com/HT206904",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206904"
                },
                {
                  "name": "https://support.apple.com/HT206899",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8317",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8242 (GCVE-0-2015-8242)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2015/11/17/5 mailing-listx_refsource_MLIST
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=8… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1281950 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/1… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=756372 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/77681 vdb-entryx_refsource_BID
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:31.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "77681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "name": "[oss-security] 20151118 Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "77681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-5",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
                },
                {
                  "name": "https://support.apple.com/HT206167",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206167"
                },
                {
                  "name": "https://support.apple.com/HT206168",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206168"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
                },
                {
                  "name": "APPLE-SA-2016-03-21-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
                },
                {
                  "name": "http://xmlsoft.org/news.html",
                  "refsource": "CONFIRM",
                  "url": "http://xmlsoft.org/news.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756372",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "77681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77681"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
                },
                {
                  "name": "https://support.apple.com/HT206169",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206169"
                },
                {
                  "name": "https://support.apple.com/HT206166",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206166"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8242",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:31.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8241 (GCVE-0-2015-8241)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "77621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77621"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "name": "[oss-security] 20151118 Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "77621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77621"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "77621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77621"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756263",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8241",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7500 (GCVE-0-2015-7500)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=f… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1281943 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/79562 vdb-entryx_refsource_BID
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "79562",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79562"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "79562",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79562"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7500",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7499 (GCVE-0-2015-7499)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=3… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://git.gnome.org/browse/libxml2/commit/?id=2… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1281925 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/bid/79509 vdb-entryx_refsource_BID
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "name": "79509",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79509"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "name": "79509",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79509"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7499",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7498 (GCVE-0-2015-7498)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "79548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79548"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "79548",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79548"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7498",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7497 (GCVE-0-2015-7497)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "79508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79508"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "79508",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79508"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7497",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5312 (GCVE-0-2015-5312)

    Vulnerability from nvd – Published: 2015-12-15 21:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    https://git.gnome.org/browse/libxml2/commit/?id=6… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1276693 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/79536 vdb-entryx_refsource_BID
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:09.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              },
              {
                "name": "79536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            },
            {
              "name": "79536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79536"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5312",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:09.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7942 (GCVE-0-2015-7942)

    Vulnerability from nvd – Published: 2015-11-18 16:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/10/22/5 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/79507 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-2812-1 vendor-advisoryx_refsource_UBUNTU
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://bugzilla.gnome.org/show_bug.cgi?id=756456 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/10/22/8 mailing-listx_refsource_MLIST
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:30.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8"
              },
              {
                "name": "[oss-security] 20151022 Crafted xml causes out of bound memory access - Libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/22/5"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "79507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79507"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "FEDORA-2016-a9ee80b01d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "USN-2812-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2812-1"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "FEDORA-2016-189a7bf68c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456"
              },
              {
                "name": "[oss-security] 20151022 Re: Crafted xml causes out of bound memory access - Libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/22/8"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8"
            },
            {
              "name": "[oss-security] 20151022 Crafted xml causes out of bound memory access - Libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/22/5"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "79507",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79507"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "FEDORA-2016-a9ee80b01d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "USN-2812-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2812-1"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "FEDORA-2016-189a7bf68c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456"
            },
            {
              "name": "[oss-security] 20151022 Re: Crafted xml causes out of bound memory access - Libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/22/8"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-5",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "https://support.apple.com/HT206167",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206167"
                },
                {
                  "name": "https://support.apple.com/HT206168",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206168"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8"
                },
                {
                  "name": "[oss-security] 20151022 Crafted xml causes out of bound memory access - Libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/22/5"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "79507",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/79507"
                },
                {
                  "name": "APPLE-SA-2016-03-21-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
                },
                {
                  "name": "http://xmlsoft.org/news.html",
                  "refsource": "CONFIRM",
                  "url": "http://xmlsoft.org/news.html"
                },
                {
                  "name": "FEDORA-2016-a9ee80b01d",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "USN-2812-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2812-1"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "FEDORA-2016-189a7bf68c",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756456",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456"
                },
                {
                  "name": "[oss-security] 20151022 Re: Crafted xml causes out of bound memory access - Libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/22/8"
                },
                {
                  "name": "APPLE-SA-2016-03-21-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
                },
                {
                  "name": "https://support.apple.com/HT206169",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206169"
                },
                {
                  "name": "https://support.apple.com/HT206166",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206166"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7942",
        "datePublished": "2015-11-18T16:00:00.000Z",
        "dateReserved": "2015-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:30.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4820 (GCVE-0-2013-4820)

    Vulnerability from nvd – Published: 2013-09-23 10:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    Date Public
    2013-09-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
              },
              {
                "name": "HPSBGN02925",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              },
              {
                "name": "SSRT101310",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-09T09:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
            },
            {
              "name": "HPSBGN02925",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            },
            {
              "name": "SSRT101310",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2013-4820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
                },
                {
                  "name": "HPSBGN02925",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                },
                {
                  "name": "SSRT101310",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2013-4820",
        "datePublished": "2013-09-23T10:00:00.000Z",
        "dateReserved": "2013-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4818 (GCVE-0-2013-4818)

    Vulnerability from nvd – Published: 2013-09-23 10:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    Date Public
    2013-09-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
              },
              {
                "name": "HPSBGN02925",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              },
              {
                "name": "SSRT101310",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-09T09:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
            },
            {
              "name": "HPSBGN02925",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            },
            {
              "name": "SSRT101310",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2013-4818",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
                },
                {
                  "name": "HPSBGN02925",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                },
                {
                  "name": "SSRT101310",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2013-4818",
        "datePublished": "2013-09-23T10:00:00.000Z",
        "dateReserved": "2013-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-9597 (GCVE-0-2016-9597)

    Vulnerability from cvelistv5 – Published: 2018-07-30 14:00 – Updated: 2024-08-06 02:59
    VLAI
    Summary
    It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Red Hat libxml2 Affected: all
    Create a notification for this product.
    Date Public
    2016-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:59:03.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "98567",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98567"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "libxml2",
              "vendor": "Red Hat",
              "versions": [
                {
                  "status": "affected",
                  "version": "all"
                }
              ]
            }
          ],
          "datePublic": "2016-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-674",
                  "description": "CWE-674",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-31T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "98567",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98567"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-9597",
        "datePublished": "2018-07-30T14:00:00.000Z",
        "dateReserved": "2016-11-23T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:59:03.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3705 (GCVE-0-2016-3705)

    Vulnerability from cvelistv5 – Published: 2016-05-17 14:00 – Updated: 2024-08-06 00:03
    VLAI
    Summary
    The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2016-05-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.486Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
              },
              {
                "name": "89854",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/89854"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-05-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=765207"
            },
            {
              "name": "89854",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/89854"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2016-3705",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-30T00:00:00.000Z",
        "dateUpdated": "2024-08-06T00:03:34.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-3627 (GCVE-0-2016-3627)

    Vulnerability from cvelistv5 – Published: 2016-05-17 14:00 – Updated: 2025-12-04 17:11
    VLAI
    Summary
    The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-674 - Uncontrolled Recursion
    Assigner
    Date Public
    2016-03-21 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T00:03:34.258Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2016/May/10"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
              },
              {
                "name": "openSUSE-SU-2016:1446",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
              },
              {
                "name": "openSUSE-SU-2016:1298",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
              },
              {
                "name": "RHSA-2016:1292",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2016:1292"
              },
              {
                "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
              },
              {
                "name": "DSA-3593",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2016/dsa-3593"
              },
              {
                "name": "1035335",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1035335"
              },
              {
                "name": "USN-2994-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2994-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
              },
              {
                "name": "84992",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/84992"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tenable.com/security/tns-2016-18"
              },
              {
                "name": "RHSA-2016:2957",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2016-3627",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-04T15:39:17.273628Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-674",
                    "description": "CWE-674 Uncontrolled Recursion",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-04T17:11:28.323Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2016-03-21T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-04T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/10"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
            },
            {
              "name": "openSUSE-SU-2016:1446",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
            },
            {
              "name": "openSUSE-SU-2016:1298",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
            },
            {
              "name": "RHSA-2016:1292",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2016:1292"
            },
            {
              "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
            },
            {
              "name": "DSA-3593",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2016/dsa-3593"
            },
            {
              "name": "1035335",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1035335"
            },
            {
              "name": "USN-2994-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2994-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
            },
            {
              "name": "84992",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/84992"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tenable.com/security/tns-2016-18"
            },
            {
              "name": "RHSA-2016:2957",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2016-3627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2016/May/10"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10170"
                },
                {
                  "name": "openSUSE-SU-2016:1446",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html"
                },
                {
                  "name": "openSUSE-SU-2016:1298",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html"
                },
                {
                  "name": "RHSA-2016:1292",
                  "refsource": "REDHAT",
                  "url": "https://access.redhat.com/errata/RHSA-2016:1292"
                },
                {
                  "name": "[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/2"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html"
                },
                {
                  "name": "DSA-3593",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2016/dsa-3593"
                },
                {
                  "name": "1035335",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1035335"
                },
                {
                  "name": "USN-2994-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2994-1"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
                },
                {
                  "name": "84992",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/84992"
                },
                {
                  "name": "https://www.tenable.com/security/tns-2016-18",
                  "refsource": "CONFIRM",
                  "url": "https://www.tenable.com/security/tns-2016-18"
                },
                {
                  "name": "RHSA-2016:2957",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2016/03/21/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2016-3627",
        "datePublished": "2016-05-17T14:00:00.000Z",
        "dateReserved": "2016-03-21T00:00:00.000Z",
        "dateUpdated": "2025-12-04T17:11:28.323Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-7497 (GCVE-0-2015-7497)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.144Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "79508",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79508"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281862"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "79508",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79508"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7497",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7499 (GCVE-0-2015-7499)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=3… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://git.gnome.org/browse/libxml2/commit/?id=2… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=1281925 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securityfocus.com/bid/79509 vdb-entryx_refsource_BID
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:27.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "name": "79509",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79509"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281925"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "name": "79509",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79509"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7499",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:27.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-5312 (GCVE-0-2015-5312)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 06:41
    VLAI
    Summary
    The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    https://git.gnome.org/browse/libxml2/commit/?id=6… x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1276693 x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    http://www.securityfocus.com/bid/79536 vdb-entryx_refsource_BID
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T06:41:09.539Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              },
              {
                "name": "79536",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79536"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1276693"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            },
            {
              "name": "79536",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79536"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-5312",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-07-01T00:00:00.000Z",
        "dateUpdated": "2024-08-06T06:41:09.539Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7500 (GCVE-0-2015-7500)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=f… x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1281943 x_refsource_CONFIRM
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/79562 vdb-entryx_refsource_BID
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "79562",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79562"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281943"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "79562",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79562"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7500",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8317 (GCVE-0-2015-8317)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://bugzilla.redhat.com/show_bug.cgi?id=1281930 x_refsource_CONFIRM
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206901 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=751603 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=9… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/91826 vdb-entryx_refsource_BID
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://blog.fuzzing-project.org/28-Libxml2-Sever… x_refsource_MISC
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    https://git.gnome.org/browse/libxml2/commit/?id=7… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/77681 vdb-entryx_refsource_BID
    http://www.openwall.com/lists/oss-security/2015/11/22/3 mailing-listx_refsource_MLIST
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/11/21/1 mailing-listx_refsource_MLIST
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206905 x_refsource_CONFIRM
    https://support.apple.com/HT206903 x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=751631 x_refsource_CONFIRM
    https://support.apple.com/HT206902 x_refsource_CONFIRM
    https://support.apple.com/HT206904 x_refsource_CONFIRM
    https://support.apple.com/HT206899 x_refsource_CONFIRM
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.133Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "APPLE-SA-2016-07-18-4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206901"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "91826",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/91826"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "APPLE-SA-2016-07-18-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
              },
              {
                "name": "APPLE-SA-2016-07-18-6",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
              },
              {
                "name": "77681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77681"
              },
              {
                "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206905"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206903"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206902"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206904"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206899"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "APPLE-SA-2016-07-18-4",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206901"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "91826",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/91826"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "APPLE-SA-2016-07-18-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
            },
            {
              "name": "APPLE-SA-2016-07-18-6",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
            },
            {
              "name": "77681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77681"
            },
            {
              "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206905"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206903"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206902"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206904"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206899"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8317",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281930"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "APPLE-SA-2016-07-18-4",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html"
                },
                {
                  "name": "https://support.apple.com/HT206901",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206901"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751603",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751603"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "91826",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/91826"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "APPLE-SA-2016-07-18-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
                },
                {
                  "name": "APPLE-SA-2016-07-18-6",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html",
                  "refsource": "MISC",
                  "url": "https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e"
                },
                {
                  "name": "77681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77681"
                },
                {
                  "name": "[oss-security] 20151122 Re: Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/22/3"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "[oss-security] 20151121 Libxml2: Several out of bounds reads",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/21/1"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://support.apple.com/HT206905",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206905"
                },
                {
                  "name": "https://support.apple.com/HT206903",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206903"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=751631",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=751631"
                },
                {
                  "name": "https://support.apple.com/HT206902",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206902"
                },
                {
                  "name": "https://support.apple.com/HT206904",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206904"
                },
                {
                  "name": "https://support.apple.com/HT206899",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206899"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8317",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8241 (GCVE-0-2015-8241)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2015-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:32.137Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "77621",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77621"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "name": "[oss-security] 20151118 Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "77621",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77621"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8241",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "77621",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77621"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756263",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8241",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:32.137Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-8242 (GCVE-0-2015-8242)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 08:13
    VLAI
    Summary
    The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    http://www.openwall.com/lists/oss-security/2015/11/17/5 mailing-listx_refsource_MLIST
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    https://git.gnome.org/browse/libxml2/commit/?id=8… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    https://bugzilla.redhat.com/show_bug.cgi?id=1281950 x_refsource_CONFIRM
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.ubuntu.com/usn/USN-2834-1 vendor-advisoryx_refsource_UBUNTU
    http://www.openwall.com/lists/oss-security/2015/1… mailing-listx_refsource_MLIST
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    https://bugzilla.gnome.org/show_bug.cgi?id=756372 x_refsource_CONFIRM
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://www.securityfocus.com/bid/77681 vdb-entryx_refsource_BID
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-11-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:13:31.676Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "77681",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/77681"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "name": "[oss-security] 20151118 Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "77681",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/77681"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-8242",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-5",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "[oss-security] 20151118 Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"
                },
                {
                  "name": "https://support.apple.com/HT206167",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206167"
                },
                {
                  "name": "https://support.apple.com/HT206168",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206168"
                },
                {
                  "name": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2",
                  "refsource": "CONFIRM",
                  "url": "https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2"
                },
                {
                  "name": "APPLE-SA-2016-03-21-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
                },
                {
                  "name": "http://xmlsoft.org/news.html",
                  "refsource": "CONFIRM",
                  "url": "http://xmlsoft.org/news.html"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281950"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
                },
                {
                  "name": "USN-2834-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2834-1"
                },
                {
                  "name": "[oss-security] 20151118 Re: Buffer overflow in libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756372",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756372"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "77681",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/77681"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
                },
                {
                  "name": "https://support.apple.com/HT206169",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206169"
                },
                {
                  "name": "https://support.apple.com/HT206166",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206166"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-8242",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:13:31.676Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7498 (GCVE-0-2015-7498)

    Vulnerability from cvelistv5 – Published: 2015-12-15 21:00 – Updated: 2024-08-06 07:51
    VLAI
    Summary
    Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-11-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.127Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "USN-2834-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2834-1"
              },
              {
                "name": "79548",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79548"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281879"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "USN-2834-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2834-1"
            },
            {
              "name": "79548",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79548"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7498",
        "datePublished": "2015-12-15T21:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.127Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-7942 (GCVE-0-2015-7942)

    Vulnerability from cvelistv5 – Published: 2015-11-18 16:00 – Updated: 2024-08-06 08:06
    VLAI
    Summary
    The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2015-2550.html vendor-advisoryx_refsource_REDHAT
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://lists.opensuse.org/opensuse-updates/2016-0… vendor-advisoryx_refsource_SUSE
    https://support.apple.com/HT206167 x_refsource_CONFIRM
    https://support.apple.com/HT206168 x_refsource_CONFIRM
    https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/10/22/5 mailing-listx_refsource_MLIST
    http://www.debian.org/security/2015/dsa-3430 vendor-advisoryx_refsource_DEBIAN
    http://www.securityfocus.com/bid/79507 vdb-entryx_refsource_BID
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://xmlsoft.org/news.html x_refsource_CONFIRM
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    http://rhn.redhat.com/errata/RHSA-2016-1089.html vendor-advisoryx_refsource_REDHAT
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://www.oracle.com/technetwork/topics/security… x_refsource_CONFIRM
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    http://www.securitytracker.com/id/1034243 vdb-entryx_refsource_SECTRACK
    http://rhn.redhat.com/errata/RHSA-2015-2549.html vendor-advisoryx_refsource_REDHAT
    http://www.ubuntu.com/usn/USN-2812-1 vendor-advisoryx_refsource_UBUNTU
    http://marc.info/?l=bugtraq&m=145382616617563&w=2 vendor-advisoryx_refsource_HP
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://h20566.www2.hpe.com/portal/site/hpsc/publ… x_refsource_CONFIRM
    https://security.gentoo.org/glsa/201701-37 vendor-advisoryx_refsource_GENTOO
    http://lists.opensuse.org/opensuse-updates/2015-1… vendor-advisoryx_refsource_SUSE
    https://bugzilla.gnome.org/show_bug.cgi?id=756456 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2015/10/22/8 mailing-listx_refsource_MLIST
    http://lists.apple.com/archives/security-announce… vendor-advisoryx_refsource_APPLE
    https://support.apple.com/HT206169 x_refsource_CONFIRM
    https://support.apple.com/HT206166 x_refsource_CONFIRM
    Date Public
    2015-10-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:06:30.993Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2015:2550",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-5",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
              },
              {
                "name": "openSUSE-SU-2016:0106",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206167"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206168"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8"
              },
              {
                "name": "[oss-security] 20151022 Crafted xml causes out of bound memory access - Libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/22/5"
              },
              {
                "name": "DSA-3430",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2015/dsa-3430"
              },
              {
                "name": "79507",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/79507"
              },
              {
                "name": "APPLE-SA-2016-03-21-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xmlsoft.org/news.html"
              },
              {
                "name": "FEDORA-2016-a9ee80b01d",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html"
              },
              {
                "name": "RHSA-2016:1089",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
              },
              {
                "name": "APPLE-SA-2016-03-21-2",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
              },
              {
                "name": "1034243",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034243"
              },
              {
                "name": "RHSA-2015:2549",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
              },
              {
                "name": "USN-2812-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2812-1"
              },
              {
                "name": "HPSBGN03537",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
              },
              {
                "name": "FEDORA-2016-189a7bf68c",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
              },
              {
                "name": "GLSA-201701-37",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201701-37"
              },
              {
                "name": "openSUSE-SU-2015:2372",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456"
              },
              {
                "name": "[oss-security] 20151022 Re: Crafted xml causes out of bound memory access - Libxml2",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2015/10/22/8"
              },
              {
                "name": "APPLE-SA-2016-03-21-3",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_APPLE",
                  "x_transferred"
                ],
                "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206169"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.apple.com/HT206166"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-10-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-09-13T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "RHSA-2015:2550",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-5",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
            },
            {
              "name": "openSUSE-SU-2016:0106",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206167"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206168"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8"
            },
            {
              "name": "[oss-security] 20151022 Crafted xml causes out of bound memory access - Libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/22/5"
            },
            {
              "name": "DSA-3430",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3430"
            },
            {
              "name": "79507",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/79507"
            },
            {
              "name": "APPLE-SA-2016-03-21-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xmlsoft.org/news.html"
            },
            {
              "name": "FEDORA-2016-a9ee80b01d",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html"
            },
            {
              "name": "RHSA-2016:1089",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
            },
            {
              "name": "APPLE-SA-2016-03-21-2",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
            },
            {
              "name": "1034243",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1034243"
            },
            {
              "name": "RHSA-2015:2549",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
            },
            {
              "name": "USN-2812-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2812-1"
            },
            {
              "name": "HPSBGN03537",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
            },
            {
              "name": "FEDORA-2016-189a7bf68c",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
            },
            {
              "name": "GLSA-201701-37",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201701-37"
            },
            {
              "name": "openSUSE-SU-2015:2372",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456"
            },
            {
              "name": "[oss-security] 20151022 Re: Crafted xml causes out of bound memory access - Libxml2",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2015/10/22/8"
            },
            {
              "name": "APPLE-SA-2016-03-21-3",
              "tags": [
                "vendor-advisory",
                "x_refsource_APPLE"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206169"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.apple.com/HT206166"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-7942",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "RHSA-2015:2550",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-5",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"
                },
                {
                  "name": "openSUSE-SU-2016:0106",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"
                },
                {
                  "name": "https://support.apple.com/HT206167",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206167"
                },
                {
                  "name": "https://support.apple.com/HT206168",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206168"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8"
                },
                {
                  "name": "[oss-security] 20151022 Crafted xml causes out of bound memory access - Libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/22/5"
                },
                {
                  "name": "DSA-3430",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2015/dsa-3430"
                },
                {
                  "name": "79507",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/79507"
                },
                {
                  "name": "APPLE-SA-2016-03-21-1",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"
                },
                {
                  "name": "http://xmlsoft.org/news.html",
                  "refsource": "CONFIRM",
                  "url": "http://xmlsoft.org/news.html"
                },
                {
                  "name": "FEDORA-2016-a9ee80b01d",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html"
                },
                {
                  "name": "RHSA-2016:1089",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
                },
                {
                  "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
                },
                {
                  "name": "APPLE-SA-2016-03-21-2",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"
                },
                {
                  "name": "1034243",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1034243"
                },
                {
                  "name": "RHSA-2015:2549",
                  "refsource": "REDHAT",
                  "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"
                },
                {
                  "name": "USN-2812-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2812-1"
                },
                {
                  "name": "HPSBGN03537",
                  "refsource": "HP",
                  "url": "http://marc.info/?l=bugtraq\u0026m=145382616617563\u0026w=2"
                },
                {
                  "name": "FEDORA-2016-189a7bf68c",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html"
                },
                {
                  "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172",
                  "refsource": "CONFIRM",
                  "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"
                },
                {
                  "name": "GLSA-201701-37",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201701-37"
                },
                {
                  "name": "openSUSE-SU-2015:2372",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"
                },
                {
                  "name": "https://bugzilla.gnome.org/show_bug.cgi?id=756456",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756456"
                },
                {
                  "name": "[oss-security] 20151022 Re: Crafted xml causes out of bound memory access - Libxml2",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2015/10/22/8"
                },
                {
                  "name": "APPLE-SA-2016-03-21-3",
                  "refsource": "APPLE",
                  "url": "http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"
                },
                {
                  "name": "https://support.apple.com/HT206169",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206169"
                },
                {
                  "name": "https://support.apple.com/HT206166",
                  "refsource": "CONFIRM",
                  "url": "https://support.apple.com/HT206166"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-7942",
        "datePublished": "2015-11-18T16:00:00.000Z",
        "dateReserved": "2015-10-22T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:06:30.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4818 (GCVE-0-2013-4818)

    Vulnerability from cvelistv5 – Published: 2013-09-23 10:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    Date Public
    2013-09-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
              },
              {
                "name": "HPSBGN02925",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              },
              {
                "name": "SSRT101310",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-09T09:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
            },
            {
              "name": "HPSBGN02925",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            },
            {
              "name": "SSRT101310",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2013-4818",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers to obtain sensitive information via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
                },
                {
                  "name": "HPSBGN02925",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                },
                {
                  "name": "SSRT101310",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2013-4818",
        "datePublished": "2013-09-23T10:00:00.000Z",
        "dateReserved": "2013-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-4820 (GCVE-0-2013-4820)

    Vulnerability from cvelistv5 – Published: 2013-09-23 10:00 – Updated: 2024-08-06 16:52
    VLAI
    Summary
    Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    hp
    References
    Date Public
    2013-09-19 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:52:27.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
              },
              {
                "name": "HPSBGN02925",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              },
              {
                "name": "SSRT101310",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_HP",
                  "x_transferred"
                ],
                "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2013-09-19T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-09T09:57:01.000Z",
            "orgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
            "shortName": "hp"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
            },
            {
              "name": "HPSBGN02925",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            },
            {
              "name": "SSRT101310",
              "tags": [
                "vendor-advisory",
                "x_refsource_HP"
              ],
              "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "hp-security-alert@hp.com",
              "ID": "CVE-2013-4820",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall File Manager 3.0 through SP4 allows remote authenticated users to obtain sensitive information via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632",
                  "refsource": "CONFIRM",
                  "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c03918632"
                },
                {
                  "name": "HPSBGN02925",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                },
                {
                  "name": "SSRT101310",
                  "refsource": "HP",
                  "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03918632"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "74586083-13ce-40fd-b46a-8e5d23cfbcb2",
        "assignerShortName": "hp",
        "cveId": "CVE-2013-4820",
        "datePublished": "2013-09-23T10:00:00.000Z",
        "dateReserved": "2013-07-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T16:52:27.334Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }