CVE-2015-5522 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tidy

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

6.8MEDIUMNVD

EPSS

6.8%

top 8.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htacg Tidy Apple Iphone OS Apple MAC OS X +6 more

Timeline

PublishedAug 11

Latest updateMay 17

Description

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages8 packages

▶Ubuntuhtacg/tidy< 20091223cvs-1.2ubuntu1.1

▶NVDhtacg/tidy4.9.30

▶NVDapple/watchos1.0.1

▶NVDapple/mac_os_x10.6.8

▶NVDapple/iphone_os8.2

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-wp28-phrj-p6rh: Heap-based buffer overflow in the ParseValue function in lexer↗2022-05-17

▶

OSV

CVE-2015-5522: Heap-based buffer overflow in the ParseValue function in lexer↗2015-07-16

▶

📋Vendor Advisories

Ubuntu

HTML Tidy vulnerabilities↗2015-07-29

▶

Red Hat

tidy: heap buffer overflow in ParseValue()↗2015-06-03

▶

Apple

CVE-2015-5522: watchOS 2↗

▶

Apple

CVE-2015-5522: iOS 9↗

▶

Apple

CVE-2015-5522: OS X El Capitan v10.11↗

▶

💬Community

Bugzilla

CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue()↗2015-06-04

▶