Vulnerability Details : CVE-2015-7497
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2015-7497
- cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7497
2.56% (probability of exploitation activity in the next 30 days)
~ 84% (percentile, the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-7497
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2015-7497
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7497
- http://www.securityfocus.com/bid/79508
  Libxml2 'xmlDictComputeFastQKey()' Function Denial of Service Vulnerability
- http://xmlsoft.org/news.html
  Releases (Vendor Advisory)
- http://marc.info/?l=bugtraq&m=145382616617563&w=2
  '[security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager runnin' - MARC (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-2549.html
  RHSA-2015:2549 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.debian.org/security/2015/dsa-3430
  Debian -- Security Information -- DSA-3430-1 libxml2 (Third Party Advisory)
- https://security.gentoo.org/glsa/201701-37
  libxml2: Multiple vulnerabilities (GLSA 201701-37) — Gentoo security
- http://rhn.redhat.com/errata/RHSA-2015-2550.html
  RHSA-2015:2550 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1281862
  1281862 – (CVE-2015-7497) CVE-2015-7497 libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey (Issue Tracking; Third Party Advisory; VDB Entry)
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
  Oracle Linux Bulletin - October 2015
- http://www.securitytracker.com/id/1034243
  Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts - SecurityTracker
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
  openSUSE-SU-2015:2372-1: moderate: Security update for libxml2
- http://www.ubuntu.com/usn/USN-2834-1
  USN-2834-1: libxml2 vulnerabilities | Ubuntu security notices (Third Party Advisory)
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
  openSUSE-SU-2016:0106-1: moderate: Security update for libxml2
- http://rhn.redhat.com/errata/RHSA-2016-1089.html
  Red Hat Customer Portal
- https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9
  CVE-2015-7497 Avoid an heap buffer overflow in xmlDictComputeFastQKey (6360a31a) · Commits · GNOME / libxml2 · GitLab
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
  HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS) (Third Party Advisory)