Lucene search

K
nvd[email protected]NVD:CVE-2015-7942
HistoryNov 18, 2015 - 4:59 p.m.

CVE-2015-7942

2015-11-1816:59:06
CWE-119
web.nvd.nist.gov
1

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

High

EPSS

0.006

Percentile

78.9%

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.

Affected configurations

NVD
Node
hpicewall_federation_agentMatch3.0
OR
hpicewall_file_managerMatch3.0
Node
debiandebian_linuxMatch7.0
OR
debiandebian_linuxMatch8.0
Node
appleiphone_osRange9.2.1
OR
applemac_os_xRange10.11.3
OR
appletvosRange9.1
OR
applewatchosRange2.1
Node
canonicalubuntu_linuxMatch12.04lts
OR
canonicalubuntu_linuxMatch14.04lts
OR
canonicalubuntu_linuxMatch15.04
OR
canonicalubuntu_linuxMatch15.10
Node
xmlsoftlibxml2Match2.9.2

References

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

High

EPSS

0.006

Percentile

78.9%