CVE-2015-8806

high
Description

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

References

http://www.openwall.com/lists/oss-security/2016/02/03/5

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.securityfocus.com/bid/82071

http://www.ubuntu.com/usn/USN-2994-1

https://bugzilla.gnome.org/show_bug.cgi?id=749115

https://security.gentoo.org/glsa/201701-37

https://www.debian.org/security/2016/dsa-3593

Details

Source: MITRE

Published: 2016-04-13

Updated: 2020-09-11

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 135636 | EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1474) | Nessus | Huawei Local Security Checks | high |
| 130673 | EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-2211) | Nessus | Huawei Local Security Checks | critical |
| 97476 | F5 Networks BIG-IP : libxml2 vulnerability (K04450715) | Nessus | F5 Networks Local Security Checks | high |
| 96541 | GLSA-201701-37 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 93154 | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1) | Nessus | SuSE Local Security Checks | critical |
| 91656 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1538-1) | Nessus | SuSE Local Security Checks | critical |
| 91639 | openSUSE Security Update : libxml2 (openSUSE-2016-733) | Nessus | SuSE Local Security Checks | critical |
| 91499 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libxml2 vulnerabilities (USN-2994-1) | Nessus | Ubuntu Local Security Checks | high |
| 91472 | Debian DLA-503-1 : libxml2 security update | Nessus | Debian Local Security Checks | high |
| 91447 | Debian DSA-3593-1 : libxml2 - security update | Nessus | Debian Local Security Checks | high |