FreeBSD: 0DA8A68E-600A-11E6-A6C3-14DAE9D210B8
Aug 18, 2015 - 12:00 a.m.

FreeBSD -- Multiple integer overflows in expat (libbsdxml) XML parser

2015-08-18 00:00:00
vuxml.freebsd.org

CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.032 Low (Percentile: 91.0%)

Problem Description:
Multiple integer overflows have been discovered in the XML_GetBuffer() function in the expat library.

Impact:
The integer overflows may be exploited by using specially crafted XML data and lead to an infinite loop or a heap buffer overflow, which results in a Denial of Service condition or enables remote attackers to execute arbitrary code.

OS       Version  Architecture  Package  Version    Filename
FreeBSD  any      noarch        freebsd  = 10.1     UNKNOWN
FreeBSD  any      noarch        freebsd  < 10.1_18  UNKNOWN
