CVE-2015-8241
published 2015-12-15CVE-2015-8241: The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based…
medium6.4CVSS 3.1
AVNACLAuNCPINAP
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.3+dfsg1-1 (bookworm) | libxml2 2.9.3+dfsg1-1 (bookworm) |
| hp | icewall_federation_agent | — | — |
| hp | icewall_file_manager | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| xmlsoft | libxml2 | <= 2.9.2 | — |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.6 | 2.9.1+dfsg1-3ubuntu4.6 |
CVSS provenance
nvd6.4MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:P
osv7.1HIGH