ubuntucve | Ubuntu.com | UB:CVE-2015-8317
Nov 23, 2015 - 12:00 a.m.

CVE-2015-8317


CVSS2: 5 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.01 Low
Percentile: 82.9%

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows
context-dependent attackers to obtain sensitive information via an (1)
unterminated encoding value or (2) incomplete XML declaration in XML data,
which triggers an out-of-bounds heap read.

Bugs

Notes

Author: mdeslaur
Note: already fixed by the following patches in wily+:
0011-Do-not-process-encoding-values-if-the-declaration-if.patch
0012-Fail-parsing-early-on-if-encoding-conversion-failed.patch
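
| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 15.04 | noarch | libxml2 | < 2.9.2+dfsg1-3ubuntu0.2 | UNKNOWN |
| ubuntu | 12.04 | noarch | libxml2 | < 2.7.8.dfsg-5.1ubuntu4.13 | UNKNOWN |
| ubuntu | 14.04 | noarch | libxml2 | < 2.9.1+dfsg1-3ubuntu4.6 | UNKNOWN |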
