Computer Security


CVE: CVE-2015-5523
Status: Candidate
Description: The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
Severity: Medium
CVSS score: 4,3
CVSS vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Phase: Assigned (14.07.2015)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5523
References: MLIST : [oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
 MLIST : [oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
 MLIST : [oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow
 APPLE : APPLE-SA-2015-09-16-1
 APPLE : APPLE-SA-2015-09-21-1
 APPLE : APPLE-SA-2015-09-30-3
 DEBIAN : DSA-3309
 CONFIRM : https://github.com/htacg/tidy-html5/issues/217#iss...
 CONFIRM : https://support.apple.com/HT205212
 CONFIRM : https://support.apple.com/HT205213
 CONFIRM : https://support.apple.com/HT205267
 UBUNTU : USN-2695-1
SecurityVulns: Apple Mac OS X / Mac EFI / OS X Server multiple security vulnerabilities
 Apple iOS multiple security vulnerabilities
 Apple watchOS security vulnerabilities
 tidy security vulnerabilities
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod