[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ELSA-2015-2550 -- Oracle libxml2

ID: oval:org.secpod.oval:def:1501264Date: (C)2015-12-15   (M)2024-02-19
Class: PATCHFamily: unix




libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.

Platform:
Oracle Linux 7
Product:
libxml2
Reference:
ELSA-2015-2550
CVE-2015-8317
CVE-2015-8242
CVE-2015-5312
CVE-2015-7942
CVE-2015-7500
CVE-2015-7498
CVE-2015-1819
CVE-2015-8241
CVE-2015-7941
CVE-2015-7499
CVE-2015-7497
CVE    11
CVE-2015-1819
CVE-2015-5312
CVE-2015-8317
CVE-2015-7942
...
CPE    2
cpe:/a:libxml2:libxml2
cpe:/o:oracle:linux:7

© SecPod Technologies