Vulnerability Details : CVE-2015-7500
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
Vulnerability category: Denial of service
Products affected by CVE-2015-7500
- cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7500
- EPSS score: 1.98% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~83% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-7500
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
CWE ids for CVE-2015-7500
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7500
- [libxml2 CVE-2015-7500 Denial of Service Vulnerability](http://www.securityfocus.com/bid/79562)
- [About the security content of tvOS 9.2 - Apple Support](https://support.apple.com/HT206169) (Vendor Advisory)
- [Releases](http://xmlsoft.org/news.html) (Vendor Advisory)
- ['[security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager runnin' - MARC](http://marc.info/?l=bugtraq&m=145382616617563&w=2) (Third Party Advisory)
- [RHSA-2015:2549 - Security Advisory - Red Hat Customer Portal](http://rhn.redhat.com/errata/RHSA-2015-2549.html) (Third Party Advisory)
- [About the security content of watchOS 2.2 - Apple Support](https://support.apple.com/HT206168) (Vendor Advisory)
- [Debian -- Security Information -- DSA-3430-1 libxml2](http://www.debian.org/security/2015/dsa-3430) (Third Party Advisory)
- [Apple - Lists.apple.com](http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html) (Mailing List; Third Party Advisory)
- [CVE-2015-7500 Fix memory access error due to incorrect entities boundaries (f1063fdb) · Commits · GNOME / libxml2 · GitLab](https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f)
- [libxml2: Multiple vulnerabilities (GLSA 201701-37) - Gentoo security](https://security.gentoo.org/glsa/201701-37)
- [About the security content of iOS 9.3 - Apple Support](https://support.apple.com/HT206166) (Vendor Advisory)
- [RHSA-2015:2550 - Security Advisory - Red Hat Customer Portal](http://rhn.redhat.com/errata/RHSA-2015-2550.html) (Third Party Advisory)
- [About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple Support](https://support.apple.com/HT206167) (Vendor Advisory)
- [Oracle Linux Bulletin - October 2015](http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html)
- [Oracle Solaris Bulletin - January 2016](http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html)
- [Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts - SecurityTracker](http://www.securitytracker.com/id/1034243)
- [1281943 - (CVE-2015-7500) CVE-2015-7500 libxml2: Heap buffer overflow in xmlParseMisc](https://bugzilla.redhat.com/show_bug.cgi?id=1281943) (Issue Tracking)
- [openSUSE-SU-2015:2372-1: moderate: Security update for libxml2](http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html)
- [USN-2834-1: libxml2 vulnerabilities | Ubuntu security notices](http://www.ubuntu.com/usn/USN-2834-1) (Third Party Advisory)
- [Apple - Lists.apple.com](http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html) (Mailing List; Third Party Advisory)
- [Apple - Lists.apple.com](http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html) (Mailing List; Third Party Advisory)
- [openSUSE-SU-2016:0106-1: moderate: Security update for libxml2](http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html)
- [Apple - Lists.apple.com](http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html) (Mailing List; Third Party Advisory)
- [Red Hat Customer Portal](http://rhn.redhat.com/errata/RHSA-2016-1089.html)
- [HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)](https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172) (Third Party Advisory)