Moderate

CVE-2015-8317 - Buffer Errors vulnerability in multiple products

Publication: 2015-12-15

Summary

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Xmlsoft Libxml2 2.9.2
  • HP Icewall Federation Agent 3.0
  • HP Icewall File Manager 3.0
  • Redhat Enterprise Linux Server 6.0
  • Redhat Enterprise Linux HPC Node 6.0
  • Redhat Enterprise Linux Desktop 6.0
  • Redhat Enterprise Linux Workstation 6.0
  • Debian Debian Linux 7.0
  • Debian Debian Linux 8.0
  • Canonical Ubuntu Linux 12.04
  • Canonical Ubuntu Linux 14.04
  • Canonical Ubuntu Linux 15.04
  • Canonical Ubuntu Linux 15.10

References