CVE-2015-7499
EPSS 0.71%
Heap-based buffer overflow in nokogiri
Published: 2018/9/17 | Modified: 2026/4/28
Description
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
Affected packages (2)
- Debian/libxml2 from 0, < 2.9.3+dfsg1-1
- RubyGems/nokogiri >= 1.6.0, < 1.6.7.2
References (18)
- ADVISORY https://github.com/advisories/GHSA-jxjr-5h69-qw3w
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2015-7499
- ADVISORY https://security-tracker.debian.org/tracker/CVE-2015-7499
- WEB http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
- WEB http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
- WEB http://rhn.redhat.com/errata/RHSA-2015-2549.html
- WEB http://rhn.redhat.com/errata/RHSA-2015-2550.html
- WEB https://bugzilla.redhat.com/show_bug.cgi?id=1281925
- WEB https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
- WEB https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
- WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
- WEB https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
- WEB https://security.gentoo.org/glsa/201701-37
- WEB https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509
- WEB https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243
- WEB http://www.debian.org/security/2015/dsa-3430
- WEB http://www.ubuntu.com/usn/USN-2834-1
- WEB http://xmlsoft.org/news.html