CVE-2015-8241 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Hp	Icewall Federation Agent Icewall File Manager
Redhat	Enterprise Linux Enterprise Linux Desktop Enterprise Linux Hpc Node Enterprise Linux Server Enterprise Linux Workstation Jboss Enterprise Web Server
Xmlsoft	Libxml2

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 6
libxml2-0:2.7.6-20.el6_7.1	cpe:/o:redhat:enterprise_linux:6	RHSA-2015:2549	2015-12-07T00:00:00Z
Red Hat Enterprise Linux 7
libxml2-0:2.9.1-6.el7_2.2	cpe:/o:redhat:enterprise_linux:7	RHSA-2015:2550	2015-12-07T00:00:00Z
Red Hat JBoss Web Server 3.0
libxml2	cpe:/a:redhat:jboss_enterprise_web_server:3.0	RHSA-2016:1089	2016-05-17T00:00:00Z

Link	Providers
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
http://marc.info/?l=bugtraq&m=145382616617563&w=2
http://rhn.redhat.com/errata/RHSA-2015-2549.html
http://rhn.redhat.com/errata/RHSA-2015-2550.html
http://rhn.redhat.com/errata/RHSA-2016-1089.html
http://www.debian.org/security/2015/dsa-3430
http://www.openwall.com/lists/oss-security/2015/11/17/5
http://www.openwall.com/lists/oss-security/2015/11/18/23
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/77621
http://www.securitytracker.com/id/1034243
http://www.ubuntu.com/usn/USN-2834-1
https://bugzilla.gnome.org/show_bug.cgi?id=756263
https://bugzilla.redhat.com/show_bug.cgi?id=1281936
https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
https://nvd.nist.gov/vuln/detail/CVE-2015-8241
https://www.cve.org/CVERecord?id=CVE-2015-8241

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-13T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2015:2550", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"}, {"name": "openSUSE-SU-2016:0106", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"}, {"name": "[oss-security] 20151118 Buffer overflow in libxml2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"}, {"name": "DSA-3430", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3430"}, {"name": "RHSA-2016:1089", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "77621", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/77621"}, {"name": "USN-2834-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2834-1"}, {"name": "[oss-security] 20151118 Re: Buffer overflow in libxml2", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"}, {"name": "1034243", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034243"}, {"name": "RHSA-2015:2549", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"}, {"name": "HPSBGN03537", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "openSUSE-SU-2015:2372", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8241", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:2550", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"}, {"name": "openSUSE-SU-2016:0106", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"}, {"name": "[oss-security] 20151118 Buffer overflow in libxml2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"}, {"name": "DSA-3430", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3430"}, {"name": "RHSA-2016:1089", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "77621", "refsource": "BID", "url": "http://www.securityfocus.com/bid/77621"}, {"name": "USN-2834-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2834-1"}, {"name": "[oss-security] 20151118 Re: Buffer overflow in libxml2", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"}, {"name": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"}, {"name": "1034243", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034243"}, {"name": "RHSA-2015:2549", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"}, {"name": "HPSBGN03537", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"}, {"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"}, {"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "openSUSE-SU-2015:2372", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=756263", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:13:32.137Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:2550", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"}, {"name": "openSUSE-SU-2016:0106", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"}, {"name": "[oss-security] 20151118 Buffer overflow in libxml2", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"}, {"name": "DSA-3430", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3430"}, {"name": "RHSA-2016:1089", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"name": "77621", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/77621"}, {"name": "USN-2834-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2834-1"}, {"name": "[oss-security] 20151118 Re: Buffer overflow in libxml2", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"}, {"name": "1034243", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034243"}, {"name": "RHSA-2015:2549", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"}, {"name": "HPSBGN03537", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"name": "openSUSE-SU-2015:2372", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8241", "datePublished": "2015-12-15T21:00:00", "dateReserved": "2015-11-18T00:00:00", "dateUpdated": "2024-08-06T08:13:32.137Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2015-11-18T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-09-13T09:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : RHSA-2015:2550 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2550.html (string)

}

1 : { »

name : openSUSE-SU-2016:0106 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html (string)

}

2 : { »

name : [oss-security] 20151118 Buffer overflow in libxml2 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/11/17/5 (string)

}

3 : { »

name : DSA-3430 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2015/dsa-3430 (string)

}

4 : { »

name : RHSA-2016:1089 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-1089.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

6 : { »

name : 77621 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/77621 (string)

}

7 : { »

name : USN-2834-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2834-1 (string)

}

8 : { »

name : [oss-security] 20151118 Re: Buffer overflow in libxml2 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : http://www.openwall.com/lists/oss-security/2015/11/18/23 (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe (string)

}

10 : { »

name : 1034243 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

]

url : http://www.securitytracker.com/id/1034243 (string)

}

11 : { »

name : RHSA-2015:2549 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2549.html (string)

}

12 : { »

name : HPSBGN03537 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

]

url : http://marc.info/?l=bugtraq&m=145382616617563&w=2 (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html (string)

}

15 : { »

name : openSUSE-SU-2015:2372 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=756263 (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1281936 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2015-8241 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : RHSA-2015:2550 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-2550.html (string)

}

1 : { »

name : openSUSE-SU-2016:0106 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html (string)

}

2 : { »

name : [oss-security] 20151118 Buffer overflow in libxml2 (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/11/17/5 (string)

}

3 : { »

name : DSA-3430 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2015/dsa-3430 (string)

}

4 : { »

name : RHSA-2016:1089 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2016-1089.html (string)

}

5 : { »

name : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

6 : { »

name : 77621 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/77621 (string)

}

7 : { »

name : USN-2834-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2834-1 (string)

}

8 : { »

name : [oss-security] 20151118 Re: Buffer overflow in libxml2 (string)

refsource : MLIST (string)

url : http://www.openwall.com/lists/oss-security/2015/11/18/23 (string)

}

9 : { »

name : https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe (string)

refsource : CONFIRM (string)

url : https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe (string)

}

10 : { »

name : 1034243 (string)

refsource : SECTRACK (string)

url : http://www.securitytracker.com/id/1034243 (string)

}

11 : { »

name : RHSA-2015:2549 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2015-2549.html (string)

}

12 : { »

name : HPSBGN03537 (string)

refsource : HP (string)

url : http://marc.info/?l=bugtraq&m=145382616617563&w=2 (string)

}

13 : { »

name : https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 (string)

refsource : CONFIRM (string)

url : https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 (string)

}

14 : { »

name : http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html (string)

refsource : CONFIRM (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html (string)

}

15 : { »

name : openSUSE-SU-2015:2372 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html (string)

}

16 : { »

name : https://bugzilla.gnome.org/show_bug.cgi?id=756263 (string)

refsource : CONFIRM (string)

url : https://bugzilla.gnome.org/show_bug.cgi?id=756263 (string)

}

17 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1281936 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1281936 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T08:13:32.137Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : RHSA-2015:2550 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2550.html (string)

}

1 : { »

name : openSUSE-SU-2016:0106 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html (string)

}

2 : { »

name : [oss-security] 20151118 Buffer overflow in libxml2 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/11/17/5 (string)

}

3 : { »

name : DSA-3430 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2015/dsa-3430 (string)

}

4 : { »

name : RHSA-2016:1089 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2016-1089.html (string)

}

5 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

6 : { »

name : 77621 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/77621 (string)

}

7 : { »

name : USN-2834-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2834-1 (string)

}

8 : { »

name : [oss-security] 20151118 Re: Buffer overflow in libxml2 (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : http://www.openwall.com/lists/oss-security/2015/11/18/23 (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe (string)

}

10 : { »

name : 1034243 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_SECTRACK (string)

2 : x_transferred (string)

]

url : http://www.securitytracker.com/id/1034243 (string)

}

11 : { »

name : RHSA-2015:2549 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2549.html (string)

}

12 : { »

name : HPSBGN03537 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_HP (string)

2 : x_transferred (string)

]

url : http://marc.info/?l=bugtraq&m=145382616617563&w=2 (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html (string)

}

15 : { »

name : openSUSE-SU-2015:2372 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html (string)

}

16 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=756263 (string)

}

17 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1281936 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2015-8241 (string)

datePublished : 2015-12-15T21:00:00 (string)

dateReserved : 2015-11-18T00:00:00 (string)

dateUpdated : 2024-08-06T08:13:32.137Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B3261B40-5CBE-4AA6-990A-0A7BE96E5518", "vulnerable": true}, {"criteria": "cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "EDAB86FF-C732-4022-B1F4-D1CE28FBF0D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "692D866C-F7D7-437B-BAC3-CCE024626B4D", "versionEndIncluding": "2.9.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data."}, {"lang": "es", "value": "La funci\u00f3n xmlNextChar en libxml2 2.9.2 no comprueba correctamente el estado, lo que permite a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (sobre lectura de buffer basado en memoria din\u00e1mica y ca\u00edda de la aplicaci\u00f3n) u obtener informaci\u00f3n sensible a trav\u00e9s de datos XML manipulados."}], "id": "CVE-2015-8241", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-15T21:59:06.307", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3430"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/77621"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1034243"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2834-1"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"}, {"source": "cve@mitre.org", "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=145382616617563&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2549.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-2550.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3430"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/17/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/77621"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1034243"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2834-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=756263"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory", "VDB Entry"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : C2FAC325-6EEB-466D-9EBA-8ED4DBC9CFBF (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 9BBCD86A-E6C7-4444-9D74-F861084090F0 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : E5ED5807-55B7-47C5-97A6-03233F4FBC3A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : B3261B40-5CBE-4AA6-990A-0A7BE96E5518 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EDAB86FF-C732-4022-B1F4-D1CE28FBF0D0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B5A6F2F3-4894-4392-8296-3B8DD2679084 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* (string)

matchCriteriaId : F38D3B7E-8429-473F-BB31-FC3583EE5A5B (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:* (string)

matchCriteriaId : E88A537F-F4D0-46B9-9E37-965233C2A355 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 692D866C-F7D7-437B-BAC3-CCE024626B4D (string)

versionEndIncluding : 2.9.2 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. (string)

}

1 : { »

lang : es (string)

value : La función xmlNextChar en libxml2 2.9.2 no comprueba correctamente el estado, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (sobre lectura de buffer basado en memoria dinámica y caída de la aplicación) u obtener información sensible a través de datos XML manipulados. (string)

}

]

id : CVE-2015-8241 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.4 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:N/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 4.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2015-12-15T21:59:06.307 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html (string)

}

1 : { »

source : cve@mitre.org (string)

url : http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://marc.info/?l=bugtraq&m=145382616617563&w=2 (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2549.html (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2550.html (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2016-1089.html (string)

}

6 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3430 (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://www.openwall.com/lists/oss-security/2015/11/17/5 (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://www.openwall.com/lists/oss-security/2015/11/18/23 (string)

}

9 : { »

source : cve@mitre.org (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/77621 (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.securitytracker.com/id/1034243 (string)

}

13 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2834-1 (string)

}

14 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=756263 (string)

}

15 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1281936 (string)

}

16 : { »

source : cve@mitre.org (string)

url : https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe (string)

}

17 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 (string)

}

18 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html (string)

}

19 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html (string)

}

20 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://marc.info/?l=bugtraq&m=145382616617563&w=2 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2549.html (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2015-2550.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2016-1089.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2015/dsa-3430 (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openwall.com/lists/oss-security/2015/11/17/5 (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.openwall.com/lists/oss-security/2015/11/18/23 (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/77621 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securitytracker.com/id/1034243 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2834-1 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.gnome.org/show_bug.cgi?id=756263 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1281936 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:2549", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "libxml2-0:2.7.6-20.el6_7.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-12-07T00:00:00Z"}, {"advisory": "RHSA-2015:2550", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "libxml2-0:2.9.1-6.el7_2.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-12-07T00:00:00Z"}, {"advisory": "RHSA-2016:1089", "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:3.0", "package": "libxml2", "product_name": "Red Hat JBoss Web Server 3.0", "release_date": "2016-05-17T00:00:00Z"}], "bugzilla": {"description": "libxml2: Buffer overread with XML parser in xmlNextChar", "id": "1281936", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281936"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-125", "details": ["The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.", "A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information."], "name": "CVE-2015-8241", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "libxml2", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "libxml2", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:2", "fix_state": "Will not fix", "package_name": "libxml2", "product_name": "Red Hat JBoss Enterprise Web Server 2"}], "public_date": "2015-10-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8241\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8241"], "threat_severity": "Low"}

{

acknowledgement : Red Hat would like to thank the GNOME project for reporting this issue. Upstream acknowledges Hugh Davenport as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2015:2549 (string)

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

package : libxml2-0:2.7.6-20.el6_7.1 (string)

product_name : Red Hat Enterprise Linux 6 (string)

release_date : 2015-12-07T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2015:2550 (string)

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

package : libxml2-0:2.9.1-6.el7_2.2 (string)

product_name : Red Hat Enterprise Linux 7 (string)

release_date : 2015-12-07T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2016:1089 (string)

cpe : cpe:/a:redhat:jboss_enterprise_web_server:3.0 (string)

package : libxml2 (string)

product_name : Red Hat JBoss Web Server 3.0 (string)

release_date : 2016-05-17T00:00:00Z (string)

}

]

bugzilla : { »

description : libxml2: Buffer overread with XML parser in xmlNextChar (string)

id : 1281936 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1281936 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.3 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:N/A:N (string)

status : verified (string)

}

cwe : CWE-125 (string)

details : [ »

0 : The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. (string)

1 : A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information. (string)

]

name : CVE-2015-8241 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:5 (string)

fix_state : Will not fix (string)

package_name : libxml2 (string)

product_name : Red Hat Enterprise Linux 5 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_enterprise_web_server:1 (string)

fix_state : Affected (string)

package_name : libxml2 (string)

product_name : Red Hat JBoss Enterprise Web Server 1 (string)

}

2 : { »

cpe : cpe:/a:redhat:jboss_enterprise_web_server:2 (string)

fix_state : Will not fix (string)

package_name : libxml2 (string)

product_name : Red Hat JBoss Enterprise Web Server 2 (string)

}

]

public_date : 2015-10-08T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2015-8241 https://nvd.nist.gov/vuln/detail/CVE-2015-8241 (string)

]

threat_severity : Low (string)

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object