Vulnerability Details : CVE-2015-7942
Potential exploit
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2015-7942
- cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.9.2:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-7942
0.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 78 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-7942
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2015-7942
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-7942
-
http://www.openwall.com/lists/oss-security/2015/10/22/5
oss-security - Crafted xml causes out of bound memory access - Libxml2
-
https://support.apple.com/HT206169
About the security content of tvOS 9.2 - Apple SupportVendor Advisory
-
http://xmlsoft.org/news.html
Releases
-
http://marc.info/?l=bugtraq&m=145382616617563&w=2
'[security bulletin] HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager runnin' - MARCThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2015-2549.html
RHSA-2015:2549 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://support.apple.com/HT206168
About the security content of watchOS 2.2 - Apple SupportVendor Advisory
-
http://www.debian.org/security/2015/dsa-3430
Debian -- Security Information -- DSA-3430-1 libxml2Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201701-37
libxml2: Multiple vulnerabilities (GLSA 201701-37) — Gentoo security
-
https://support.apple.com/HT206166
About the security content of iOS 9.3 - Apple SupportVendor Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
http://rhn.redhat.com/errata/RHSA-2015-2550.html
RHSA-2015:2550 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.securityfocus.com/bid/79507
Libxml2 'xmlParseConditionalSections()' Function Denial of Service Vulnerability
-
https://support.apple.com/HT206167
About the security content of OS X El Capitan v10.11.4 and Security Update 2016-002 - Apple SupportVendor Advisory
-
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
Oracle Linux Bulletin - October 2015
-
https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8
Bug 744980 – Out of bounds memory access in libxml2Exploit;Issue Tracking
-
http://www.openwall.com/lists/oss-security/2015/10/22/8
oss-security - Re: Crafted xml causes out of bound memory access - Libxml2
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html
[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22
-
http://www.securitytracker.com/id/1034243
Libxml2 Multiple Flaws Let Remote Users Deny Service and Cause Other Unspecified Impacts - SecurityTracker
-
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
openSUSE-SU-2015:2372-1: moderate: Security update for libxml2
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
https://bugzilla.gnome.org/show_bug.cgi?id=756456
Bug 756456 – heap-buffer-overflow in xmlParseConditionalSectionsExploit;Issue Tracking
-
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
openSUSE-SU-2016:0106-1: moderate: Security update for libxml2
-
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-1089.html
Red Hat Customer Portal
-
http://www.ubuntu.com/usn/USN-2812-1
USN-2812-1: libxml2 vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
HPSBGN03537 rev.1 - HPE IceWall Federation Agent and IceWall File Manager running libXML2, Remote or Local Denial of Service (DoS)Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html
[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23
Jump to