Lucene search

K

[email protected]NVD:CVE-2015-6838

HistoryMay 16, 2016 - 10:59 a.m.

CVE-2015-6838

2016-05-1610:59:21

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837.

Affected configurations

NVD

Node

phpphpMatch5.6.0alpha1

OR

phpphpMatch5.6.0alpha2

OR

phpphpMatch5.6.0alpha3

OR

phpphpMatch5.6.0alpha4

OR

phpphpMatch5.6.0alpha5

OR

phpphpMatch5.6.0beta1

OR

phpphpMatch5.6.0beta2

OR

phpphpMatch5.6.0beta3

OR

phpphpMatch5.6.0beta4

OR

phpphpMatch5.6.1

OR

phpphpMatch5.6.2

OR

phpphpMatch5.6.3

OR

phpphpMatch5.6.4

OR

phpphpMatch5.6.5

OR

phpphpMatch5.6.6

OR

phpphpMatch5.6.7

OR

phpphpMatch5.6.8

OR

phpphpMatch5.6.9

OR

phpphpMatch5.6.10

OR

phpphpMatch5.6.11

OR

phpphpMatch5.6.12

AND

xmlsoftlibxml2Range≤2.9.1

Node

phpphpMatch5.5.0

OR

phpphpMatch5.5.0alpha1

OR

phpphpMatch5.5.0alpha2

OR

phpphpMatch5.5.0alpha3

OR

phpphpMatch5.5.0alpha4

OR

phpphpMatch5.5.0alpha5

OR

phpphpMatch5.5.0alpha6

OR

phpphpMatch5.5.0beta1

OR

phpphpMatch5.5.0beta2

OR

phpphpMatch5.5.0beta3

OR

phpphpMatch5.5.0beta4

OR

phpphpMatch5.5.0rc1

OR

phpphpMatch5.5.0rc2

OR

phpphpMatch5.5.1

OR

phpphpMatch5.5.2

OR

phpphpMatch5.5.3

OR

phpphpMatch5.5.4

OR

phpphpMatch5.5.5

OR

phpphpMatch5.5.6

OR

phpphpMatch5.5.7

OR

phpphpMatch5.5.8

OR

phpphpMatch5.5.9

OR

phpphpMatch5.5.10

OR

phpphpMatch5.5.11

OR

phpphpMatch5.5.12

OR

phpphpMatch5.5.13

OR

phpphpMatch5.5.14

OR

phpphpMatch5.5.15

OR

phpphpMatch5.5.16

OR

phpphpMatch5.5.17

OR

phpphpMatch5.5.18

OR

phpphpMatch5.5.19

OR

phpphpMatch5.5.20

OR

phpphpMatch5.5.21

OR

phpphpMatch5.5.22

OR

phpphpMatch5.5.23

OR

phpphpMatch5.5.24

OR

phpphpMatch5.5.25

OR

phpphpMatch5.5.26

OR

phpphpMatch5.5.27

OR

phpphpMatch5.5.28

AND

xmlsoftlibxml2Range≤2.9.1

Node

phpphpRange≤5.4.44

AND

xmlsoftlibxml2Range≤2.9.1

References

php.net/ChangeLog-5.php

www.debian.org/security/2015/dsa-3358

www.securityfocus.com/bid/76733

www.securitytracker.com/id/1033548

bugs.php.net/bug.php?id=69782

security.gentoo.org/glsa/201606-10

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.028 Low

EPSS

Percentile

90.7%

Related for NVD:CVE-2015-6838

ubuntucve2 cvelist2 cve2 nvd1 prion2 openvas20 ibm2 suse5 nessus29 fedora3 mageia1 securityvulns4 amazon3 debian3 freebsd1 slackware1 f52 osv2 ubuntu1 veracode11 redhat1 gentoo1 cloudlinux1