Vulnerability Details : CVE-2015-1283
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-1283
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
- cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Threat overview for CVE-2015-1283
Top countries where our scanners detected CVE-2015-1283
Top open port discovered on systems with this issue
80
IPs affected by CVE-2015-1283 29,575
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-1283!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-1283
3.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1283
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2015-1283
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1283
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
[security-announce] SUSE-SU-2016:1508-1: important: Security update forMailing List;Third Party Advisory
-
http://www.ubuntu.com/usn/USN-2726-1
USN-2726-1: Expat vulnerability | Ubuntu security noticesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html
[security-announce] openSUSE-SU-2015:1287-1: important: Security updateMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201701-21
Expat: Multiple vulnerabilities (GLSA 201701-21) — Gentoo securityThird Party Advisory
-
http://www.debian.org/security/2015/dsa-3318
Debian -- Security Information -- DSA-3318-1 expatThird Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Oracle Solaris Bulletin - July 2016Third Party Advisory
-
https://www.tenable.com/security/tns-2016-20
[R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
[security-announce] openSUSE-SU-2016:1523-1: important: Security updateMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
[security-announce] SUSE-SU-2016:1512-1: important: Security update forMailing List;Third Party Advisory
-
http://www.debian.org/security/2015/dsa-3315
Debian -- Security Information -- DSA-3315-1 chromium-browserThird Party Advisory
-
https://codereview.chromium.org/1224303003
Issue 1224303003: Apply a patch to prevent an integer overflow in expat. - Code ReviewPatch;Third Party Advisory
-
https://security.gentoo.org/glsa/201603-09
Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo securityThird Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=492052
492052 - Security: libexpat buffer-overflow seems to affect latest version of chromium on Linux x86_64 - chromium - MonorailIssue Tracking;Patch;Vendor Advisory
-
http://www.securitytracker.com/id/1033031
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, and Spoof URLs - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
Chrome Releases: Stable Channel UpdatePatch;Vendor Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-1499.html
RHSA-2015:1499 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
[security-announce] openSUSE-SU-2016:1441-1: important: Security updateMailing List;Third Party Advisory
-
https://source.android.com/security/bulletin/2016-11-01.html
Android Security Bulletin—November 2016 | Android Open Source ProjectThird Party Advisory
-
http://www.securityfocus.com/bid/75973
Google Chrome Prior to 44.0.2403.89 Multiple Security VulnerabilitiesThird Party Advisory;VDB Entry
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Security Bulletin - Policy Auditor update fixes multiple vulnerabilities in third-party libraries (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2017-17740, CVE-2017-9287, CVE-2019-13057, CVE-2020-Third Party Advisory
Jump to