CVE-2015-8710

CRITICAL

Description

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

References

http://rhn.redhat.com/errata/RHSA-2016-1089.html

http://www.debian.org/security/2015/dsa-3430

http://www.openwall.com/lists/oss-security/2015/04/19/4

http://www.openwall.com/lists/oss-security/2015/09/13/1

http://www.openwall.com/lists/oss-security/2015/12/31/7

http://www.securityfocus.com/bid/79811

https://bugzilla.gnome.org/show_bug.cgi?id=746048

https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c

https://hackerone.com/reports/57125#activity-384861

Details

Source: MITRE

Published: 2016-04-11

Updated: 2020-02-26

Type: CWE-119

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

ID | Name | Product | Family | Severity
125603 | Amazon Linux 2 : libxml2 (ALAS-2019-1220) | Nessus | Amazon Linux Local Security Checks | critical
101858 | F5 Networks BIG-IP : libxml2 vulnerability (K45439210) | Nessus | F5 Networks Local Security Checks | critical
88135 | openSUSE Security Update : libxml2 (openSUSE-2016-68) | Nessus | SuSE Local Security Checks | critical
88081 | SUSE SLED11 / SLES11 Security Update : libxml2 (SUSE-SU-2016:0187-1) | Nessus | SuSE Local Security Checks | critical
88038 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:0178-1) | Nessus | SuSE Local Security Checks | critical
88019 | Ubuntu 12.04 LTS / 14.04 LTS / 15.04 / 15.10 : libxml2 vulnerabilities (USN-2875-1) | Nessus | Ubuntu Local Security Checks | critical
87608 | Debian DSA-3430-1 : libxml2 - security update | Nessus | Debian Local Security Checks | critical
87234 | RHEL 7 : libxml2 (RHSA-2015:2550) | Nessus | Red Hat Local Security Checks | critical
87231 | Oracle Linux 7 : libxml2 (ELSA-2015-2550) | Nessus | Oracle Linux Local Security Checks | critical
87224 | CentOS 7 : libxml2 (CESA-2015:2550) | Nessus | CentOS Local Security Checks | critical