CVE-2015-8710 - OpenCVE

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Xmlsoft	Libxml2

Configuration 1 [-]

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2016-1089.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3430	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/04/19/4	Mailing List Patch
http://www.openwall.com/lists/oss-security/2015/09/13/1	Mailing List
http://www.openwall.com/lists/oss-security/2015/12/31/7	Mailing List
http://www.securityfocus.com/bid/79811	Third Party Advisory VDB Entry
https://bugzilla.gnome.org/show_bug.cgi?id=746048	Issue Tracking
https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c	Third Party Advisory
https://hackerone.com/reports/57125#activity-384861	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: debian

Published: 2016-04-11T21:00:00

Updated: 2016-11-28T20:57:01

Reserved: 2015-12-31T00:00:00

Link: CVE-2015-8710

JSON object: View

NVD Information

Status : Analyzed

Published: 2016-04-11T21:59:15.667

Modified: 2020-02-26T19:19:43.173

Link: CVE-2015-8710

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-28T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/57125#activity-384861"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=746048"}, {"name": "DSA-3430", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3430"}, {"name": "[oss-security] 20150913 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/09/13/1"}, {"name": "RHSA-2016:1089", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c"}, {"name": "[oss-security] 20150419 libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/04/19/4"}, {"name": "79811", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/79811"}, {"name": "[oss-security] 20151231 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/12/31/7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2015-8710", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://hackerone.com/reports/57125#activity-384861", "refsource": "MISC", "url": "https://hackerone.com/reports/57125#activity-384861"}, {"name": "https://bugzilla.gnome.org/show_bug.cgi?id=746048", "refsource": "CONFIRM", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=746048"}, {"name": "DSA-3430", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3430"}, {"name": "[oss-security] 20150913 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/09/13/1"}, {"name": "RHSA-2016:1089", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"name": "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c", "refsource": "CONFIRM", "url": "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c"}, {"name": "[oss-security] 20150419 libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/04/19/4"}, {"name": "79811", "refsource": "BID", "url": "http://www.securityfocus.com/bid/79811"}, {"name": "[oss-security] 20151231 Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/12/31/7"}]}}}}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8710", "datePublished": "2016-04-11T21:00:00", "dateReserved": "2015-12-31T00:00:00", "dateUpdated": "2016-11-28T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*", "matchCriteriaId": "070C5B7B-0A5E-4B15-98A9-4ADCC694E7FA", "versionEndExcluding": "2.9.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment."}, {"lang": "es", "value": "La funci\u00f3n htmlParseComment en HTMLparser.c en libxml2 permite a atacantes obtener informaci\u00f3n sensible, provocar una denegaci\u00f3n de servicio (acceso a memoria din\u00e1mica fuera de l\u00edmites y ca\u00edda de aplicaci\u00f3n), o posiblemente tener otro impacto no especificado a trav\u00e9s de un comentario HTML no cerrado."}], "id": "CVE-2015-8710", "lastModified": "2020-02-26T19:19:43.173", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-04-11T21:59:15.667", "references": [{"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3430"}, {"source": "security@debian.org", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2015/04/19/4"}, {"source": "security@debian.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2015/09/13/1"}, {"source": "security@debian.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2015/12/31/7"}, {"source": "security@debian.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/79811"}, {"source": "security@debian.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=746048"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c"}, {"source": "security@debian.org", "tags": ["Third Party Advisory"], "url": "https://hackerone.com/reports/57125#activity-384861"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}