CVE-2015-8806

CWE-122Heap-based Buffer OverflowCWE-125Out-of-bounds Read13 documents8 sources
Severity
7.5HIGH
EPSS
6.1%
top 9.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Xmlsoft Libxml2Canonical Ubuntu LinuxDebian Debian Linux
Timeline
PublishedApr 13
Latest updateSep 17

Description

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

NVDxmlsoft/libxml2< 2.9.4
Debianlibxml2< 2.9.3+dfsg1-1.1+3
Ubuntulibxml2< 2.9.1+dfsg1-3ubuntu4.8+1
RubyGemsnokogiri1.6.01.6.8

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

5
OSV
Denial of service or RCE from libxml2 and libxslt2018-09-17
GHSA
Denial of service or RCE from libxml2 and libxslt2018-09-17
OSV
libxml2 vulnerabilities2016-06-06
OSV
CVE-2015-8806: dict2016-04-13
CVEList
CVE-2015-8806: dict2016-04-13

📋Vendor Advisories

3
Ubuntu
libxml2 vulnerabilities2016-06-06
Red Hat
libxml2: heap-buffer overread in dict.c2016-01-26
Debian
CVE-2015-8806: libxml2 - dict.c in libxml2 allows remote attackers to cause a denial of service (heap-bas...2015

💬Community

4
Bugzilla
CVE-2015-8806 libxml2: heap-buffer overread in dict.c [fedora-all]2016-02-04
Bugzilla
CVE-2015-8806 mingw-libxml2: libxml2: heap-buffer overread in dict.c [epel-7]2016-02-04
Bugzilla
CVE-2015-8806 mingw-libxml2: libxml2: heap-buffer overread in dict.c [fedora-all]2016-02-04
Bugzilla
CVE-2015-8806 libxml2: heap-buffer overread in dict.c2016-02-04
CVE-2015-8806 (HIGH CVSS 7.5) | dict.c in libxml2 allows remote att | cvebase.io