Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-5523
HistoryAug 11, 2015 - 2:59 p.m.

CVE-2015-5523

2015-08-1114:59:15
CWE-119
[email protected]
web.nvd.nist.gov
7

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

5.5

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

Affected configurations

Nvd
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.04
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
appleiphone_osRange8.2
OR
applemac_os_xRange10.6.8
OR
applewatchosRange1.0.1
Node
htacgtidyRange4.9.30
VendorProductVersionCPE
canonicalubuntu_linux12.04cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
canonicalubuntu_linux15.04cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
debiandebian_linux7.0cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
htacgtidy*cpe:2.3:a:htacg:tidy:*:*:*:*:*:*:*:*

Related

cvelist 1
cve 1
prion 1
osv 3
nessus 7
debian 2
freebsd 1
securityvulns 8
openvas 4
ubuntucve 1
ubuntu 1
cvelist
cvelist
CVE-2015-5523
2015-08-11 14:00:00
cve
cve
CVE-2015-5523
2015-08-11 14:59:15
prion
prion
Memory corruption
2015-08-11 14:59:00
osv
osv
tidy - security update
2015-07-18 00:00:00
tidy - security update
2015-07-18 00:00:00
libtidy-devel-5.2.0-2.3 on GA media
2024-06-15 00:00:00
nessus
nessus
Debian DSA-3309-1 : tidy - security update
2015-07-20 00:00:00
Debian DLA-273-1 : tidy security update
2015-07-20 00:00:00
FreeBSD : tidy -- heap-buffer-overflow (bd1ab7a5-0e01-11e5-9976-a0f3c100ae18)
2015-06-09 00:00:00
debian
debian
[SECURITY] [DLA 273-1] tidy security update
2015-07-18 10:09:52
[SECURITY] [DSA 3309-1] tidy security update
2015-07-18 17:11:56
freebsd
freebsd
tidy -- heap-buffer-overflow
2015-06-03 00:00:00
securityvulns
securityvulns
tidy security vulnerabilities
2015-07-20 00:00:00
[SECURITY] [DSA 3309-1] tidy security update
2015-07-20 00:00:00
APPLE-SA-2015-09-21-1 watchOS 2
2015-10-05 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-273-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3309-1)
2015-07-17 00:00:00
Ubuntu: Security Advisory (USN-2695-1)
2015-07-30 00:00:00
ubuntucve
ubuntucve
CVE-2015-5523
2015-07-16 00:00:00
ubuntu
ubuntu
HTML Tidy vulnerabilities
2015-07-29 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

5.5

Confidence

High

EPSS

0.02

Percentile

88.9%

JSON
Related for NVD:CVE-2015-5523
cvelist1cve1prion1osv3nessus7debian2freebsd1securityvulns8openvas4ubuntucve1ubuntu1