Skip to main content

Icewall Federation Agent CVE-2015-7498

MEDIUM
Buffer Overflow (CWE-119)
2015-12-15 secalert@redhat.com
5.0
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
5.0 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:N/I:N/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 15, 2015 - 21:59 cve.org
MEDIUM 5.0

DescriptionCVE.org

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.

AnalysisAI

Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. Affected products include: Hp Icewall Federation Agent, Hp Icewall File Manager, Canonical Ubuntu Linux, Debian Debian Linux, Redhat Enterprise Linux Desktop. Version information: before 2.9.3.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2016-2182 CRITICAL
9.8 Sep 16

The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 does not properly validate division results, whic

CVE-2016-4447 HIGH POC
7.5 Jun 09

The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-dependent attackers to cause a denia

CVE-2015-7942 MEDIUM POC
6.8 Nov 18

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it sto

CVE-2016-4448 CRITICAL
9.8 Jun 09

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specif

CVE-2015-8317 MEDIUM POC
5.0 Dec 15

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive

CVE-2016-3705 HIGH
7.5 May 17

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep

CVE-2016-3627 HIGH
7.5 May 17

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dep

CVE-2016-6306 MEDIUM
5.9 Sep 26

The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial o

CVE-2015-5312 HIGH
7.1 Dec 15

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion,

CVE-2015-8241 MEDIUM
6.4 Dec 15

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to

CVE-2015-8242 MEDIUM
5.8 Dec 15

The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-d

CVE-2015-7497 MEDIUM
5.0 Dec 15

Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-depen

Share

CVE-2015-7498 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy