Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-5312
HistoryNov 26, 2015 - 12:00 a.m.

CVE-2015-5312

2015-11-2600:00:00
ubuntu.com
ubuntu.com
18

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

78.5%

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3
does not properly prevent entity expansion, which allows context-dependent
attackers to cause a denial of service (CPU consumption) via crafted XML
data, a different vulnerability than CVE-2014-3660.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu12.04noarchlibxml2< 2.7.8.dfsg-5.1ubuntu4.13UNKNOWN
ubuntu14.04noarchlibxml2< 2.9.1+dfsg1-3ubuntu4.6UNKNOWN
ubuntu15.04noarchlibxml2< 2.9.2+dfsg1-3ubuntu0.2UNKNOWN
ubuntu15.10noarchlibxml2< 2.9.2+zdfsg1-4ubuntu0.2UNKNOWN

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

78.5%