CVE - CVE-2015-5312

CVE-ID
CVE-2015-5312	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1034243 URL:http://www.securitytracker.com/id/1034243 MISC:79536 URL:http://www.securityfocus.com/bid/79536 MISC:APPLE-SA-2016-03-21-1 URL:http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html MISC:APPLE-SA-2016-03-21-2 URL:http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html MISC:APPLE-SA-2016-03-21-3 URL:http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html MISC:APPLE-SA-2016-03-21-5 URL:http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html MISC:DSA-3430 URL:http://www.debian.org/security/2015/dsa-3430 MISC:GLSA-201701-37 URL:https://security.gentoo.org/glsa/201701-37 MISC:HPSBGN03537 URL:http://marc.info/?l=bugtraq&m=145382616617563&w=2 MISC:RHSA-2015:2549 URL:http://rhn.redhat.com/errata/RHSA-2015-2549.html MISC:RHSA-2015:2550 URL:http://rhn.redhat.com/errata/RHSA-2015-2550.html MISC:RHSA-2016:1089 URL:http://rhn.redhat.com/errata/RHSA-2016-1089.html MISC:USN-2834-1 URL:http://www.ubuntu.com/usn/USN-2834-1 MISC:http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html URL:http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html MISC:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html URL:http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html MISC:http://xmlsoft.org/news.html URL:http://xmlsoft.org/news.html MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1276693 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1276693 MISC:https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e URL:https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e MISC:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 URL:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 MISC:https://support.apple.com/HT206166 URL:https://support.apple.com/HT206166 MISC:https://support.apple.com/HT206167 URL:https://support.apple.com/HT206167 MISC:https://support.apple.com/HT206168 URL:https://support.apple.com/HT206168 MISC:https://support.apple.com/HT206169 URL:https://support.apple.com/HT206169 MISC:openSUSE-SU-2015:2372 URL:http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html MISC:openSUSE-SU-2016:0106 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20150701	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150701)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)