CVE-2015-5523 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tidy

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow9 documents7 sources

Severity

4.3MEDIUMNVD

EPSS

5.0%

top 10.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Htacg Tidy Apple Iphone OS Apple MAC OS X +6 more

Timeline

PublishedAug 11

Latest updateMay 17

Description

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages8 packages

▶Ubuntuhtacg/tidy< 20091223cvs-1.2ubuntu1.1

▶NVDhtacg/tidy4.9.30

▶NVDapple/watchos1.0.1

▶NVDapple/mac_os_x10.6.8

▶NVDapple/iphone_os8.2

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04

🔴Vulnerability Details

GHSA

GHSA-v5vg-qv4w-24wv: The ParseValue function in lexer↗2022-05-17

▶

OSV

CVE-2015-5523: The ParseValue function in lexer↗2015-07-16

▶

📋Vendor Advisories

Ubuntu

HTML Tidy vulnerabilities↗2015-07-29

▶

Red Hat

tidy: heap buffer overflow in ParseValue()↗2015-06-03

▶

Apple

CVE-2015-5523: watchOS 2↗

▶

Apple

CVE-2015-5523: OS X El Capitan v10.11↗

▶

Apple

CVE-2015-5523: iOS 9↗

▶

💬Community

Bugzilla

CVE-2015-5522 CVE-2015-5523 tidy: heap buffer overflow in ParseValue()↗2015-06-04

▶