CVE-2015-0851 — Improper Input Validation in Project Xmltooling

CWE-189 CWE-20 — Improper Input Validation9 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmltooling Project Xmltooling

Timeline

PublishedAug 12

Latest updateMay 17

Description

XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianxmltooling_project/xmltooling< 1.5.6-1+3

▶NVDxmltooling_project/xmltooling1.5.4

🔴Vulnerability Details

GHSA

GHSA-2px9-x675-rqf5: XMLTooling-C before 1↗2022-05-17

▶

OSV

CVE-2015-0851: XMLTooling-C before 1↗2015-08-12

▶

CVEList

CVE-2015-0851: XMLTooling-C before 1↗2015-08-12

▶

📋Vendor Advisories

Red Hat

xmltooling: incorrect processing of well-formed but invalid XML↗2015-07-21

▶

Debian

CVE-2015-0851: xmltooling - XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider...↗2015

▶

💬Community

Bugzilla

CVE-2015-0851 xmltooling: incorrect processing of well-formed but invalid XML↗2015-07-30

▶

Bugzilla

CVE-2015-0851 xmltooling: incorrect processing of well-formed but invalid XML [fedora-all]↗2015-07-30

▶

Bugzilla

CVE-2013-7397 async-http-client: SSL/TLS certificate verification is disabled under certain conditions↗2014-08-26

▶