CVE Vulnerabilities

CVE-2015-5312

Published: Dec 15, 2015 | Modified: Mar 08, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 12.04 12.04
Ubuntu_linux Canonical 14.04 14.04
Ubuntu_linux Canonical 15.04 15.04
Ubuntu_linux Canonical 15.10 15.10
Red Hat Enterprise Linux 6 RedHat libxml2-0:2.7.6-20.el6_7.1 *
Red Hat Enterprise Linux 7 RedHat libxml2-0:2.9.1-6.el7_2.2 *
Red Hat JBoss Web Server 3.0 RedHat libxml2 *
Libxml2 Ubuntu devel *
Libxml2 Ubuntu precise *
Libxml2 Ubuntu trusty *
Libxml2 Ubuntu trusty/esm *
Libxml2 Ubuntu upstream *
Libxml2 Ubuntu vivid *
Libxml2 Ubuntu vivid/stable-phone-overlay *
Libxml2 Ubuntu wily *

References