Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2015-8317
HistoryDec 15, 2015 - 9:59 p.m.

CVE-2015-8317

2015-12-1521:59:09
Debian Security Bug Tracker
security-tracker.debian.org
22

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.01

Percentile

83.3%

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS

0.01

Percentile

83.3%