Lucene search

K
cve[email protected]CVE-2015-8317
HistoryDec 15, 2015 - 9:59 p.m.

CVE-2015-8317

2015-12-1521:59:09
CWE-119
web.nvd.nist.gov
67
cve-2015-8317
xml
libxml2
parser
security
vulnerability
nvd

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.3%

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

Affected configurations

NVD
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.04
OR
canonicalubuntu_linuxMatch15.10
Node
xmlsoftlibxml2Range2.9.2
Node
redhatenterprise_linux_desktopMatch6.0
OR
redhatenterprise_linux_hpc_nodeMatch6.0
OR
redhatenterprise_linux_serverMatch6.0
OR
redhatenterprise_linux_workstationMatch6.0
Node
hpicewall_federation_agentMatch3.0
OR
hpicewall_file_managerMatch3.0

References

6.9 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.3%