Security Bulletin: IBM Security Guardium is affected by the OpenSource libxml2 vulnerability

Description

## Summary

Libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the xmlParseXMLDecl function. By using a malformed XML file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

## Vulnerability Details

**CVEID:** [CVE-2015-8317](https://vulners.com/cve/CVE-2015-8317)

**DESCRIPTION:** libxml2 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the xmlParseXMLDecl function. By using a malformed XML file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVSS Base Score: 5.9

CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/108316> for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

## Affected Products and Versions

IBM Security Guardium 10

## Remediation/Fixes

| _Product_ | _VRMF_ | _APAR_ | _Remediation/First Fix_ |
|---|---|---|---|
| IBM Security Guardium | 10 | PSIRT 66911 | <http://www.ibm.com/support/fixcentral/swg/quickorder?parent=ibm%7EInformation%2BManagement&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6019_SecurityUpdate&includeSupersedes=0&source=fc> |


Affected Software


CPE Name Name Version
ibm security guardium 10.0
