Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
History
07 Nov 2023, 02:24
Type | Values Removed | Values Added |
---|---|---|
References | () https://security.gentoo.org/glsa/201701-21 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html - | |
References | () http://www.securitytracker.com/id/1033031 - | |
References | () https://codereview.chromium.org/1224303003 - | |
References | () http://www.ubuntu.com/usn/USN-2726-1 - | |
References | () https://www.tenable.com/security/tns-2016-20 - | |
References | () http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html - | |
References | () http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html - | |
References | () https://source.android.com/security/bulletin/2016-11-01.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2015-1499.html - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html - | |
References | () http://www.debian.org/security/2015/dsa-3318 - | |
References | () http://www.debian.org/security/2015/dsa-3315 - | |
References | () https://security.gentoo.org/glsa/201603-09 - | |
References | () https://code.google.com/p/chromium/issues/detail?id=492052 - | |
References | () http://www.securityfocus.com/bid/75973 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html - | |
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10365 - | |
References | () http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html - | |
05 Jul 2022, 18:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* cpe:2.3:a:python:python:*:*:*:*:*:*:*:* cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:* cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:* |
References | (CONFIRM) https://www.tenable.com/security/tns-2016-20 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3315 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201701-21 - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1499.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html - Mailing List, Third Party Advisory | |
References | (SECTRACK) http://www.securitytracker.com/id/1033031 - Broken Link, Third Party Advisory, VDB Entry | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html - Mailing List, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/75973 - Third Party Advisory, VDB Entry | |
References | (GENTOO) https://security.gentoo.org/glsa/201603-09 - Third Party Advisory | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html - Third Party Advisory | |
References | (CONFIRM) https://codereview.chromium.org/1224303003 - Patch, Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3318 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-2726-1 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://source.android.com/security/bulletin/2016-11-01.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=492052 - Issue Tracking, Patch, Vendor Advisory | |
First Time | Suse linux Enterprise Debuginfo Opensuse opensuse Suse linux Enterprise Server Opensuse leap Python python Canonical Suse linux Enterprise Software Development Kit Debian debian Linux Suse linux Enterprise Desktop Suse studio Onsite Oracle solaris Debian Opensuse Canonical ubuntu Linux Python Suse Oracle |
CWE | CWE-190 |
25 Jan 2021, 15:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* |
Information
Published : 2015-07-23 00:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-1283
Mitre link : CVE-2015-1283
CVE.ORG link : CVE-2015-1283
Products Affected
libexpat_project
- libexpat
suse
- linux_enterprise_debuginfo
- linux_enterprise_software_development_kit
- studio_onsite
- linux_enterprise_server
- linux_enterprise_desktop
python
- python
- chrome
opensuse
- opensuse
- leap
oracle
- solaris
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-190
Integer Overflow or Wraparound