CVSS: 7.5EPSS: 2%CPEs: 66EXPL: 0CVE-2015-6837 – php: NULL pointer dereference in XSLTProcessor class
https://notcve.org/view.php?id=CVE-2015-6837
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error checking, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6838. La función xsl_function_php en ext/xsl/xsl/xsltprocessor.c en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13, cuando se utiliza libxml2 en versiones anteriores a 2.9.2, no considera la posibilidad de un retorno NULL valuePop antes de proceder a una operación libre durante la comprobación inicial de errores, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULO y caída de aplicación) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-6838. A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. • http://php.net/ChangeLog-5.php http://www.debian.org/security/2015/dsa-3358 http://www.securityfocus.com/bid/76738 http://www.securitytracker.com/id/1033548 https://bugs.php.net/bug.php?id=69782 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6837 https://bugzilla.redhat.com/show_bug.cgi?id=1260711 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 66EXPL: 0CVE-2015-6838 – php: NULL pointer dereference in XSLTProcessor class
https://notcve.org/view.php?id=CVE-2015-6838
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument loop, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted XML document, a different vulnerability than CVE-2015-6837. La función xsl_function_php en ext/xsl/xsl/xsltprocessor.c en PHP en versiones anteriores a 5.4.45, 5.5.x en versiones anteriores a 5.5.29 y 5.6.x en versiones anteriores a 5.6.13, cuando se utiliza libxml2 en versiones anteriores a 2.9.2, no considera la posibilidad de un retorno NULL valuePop antes de proceder a una operación libre despues del bucle del argumento principal, lo que permite a atacantes remotos provocar una denegación de servicio (referencia a puntero NULL y caída de aplicación) a través de un documento XML manipulado, una vulnerabilidad diferente a CVE-2015-6838. A NULL pointer dereference flaw was found in the XSLTProcessor class in PHP. An attacker could use this flaw to cause a PHP application to crash if it performed Extensible Stylesheet Language (XSL) transformations using untrusted XSLT files and allowed the use of PHP functions to be used as XSLT functions within XSL stylesheets. • http://php.net/ChangeLog-5.php http://www.debian.org/security/2015/dsa-3358 http://www.securityfocus.com/bid/76733 http://www.securitytracker.com/id/1033548 https://bugs.php.net/bug.php?id=69782 https://security.gentoo.org/glsa/201606-10 https://access.redhat.com/security/cve/CVE-2015-6838 https://bugzilla.redhat.com/show_bug.cgi?id=1260711 • CWE-476: NULL Pointer Dereference •
CVSS: 5.0EPSS: 1%CPEs: 116EXPL: 0CVE-2014-3660 – libxml2: denial of service via recursive entity expansion
https://notcve.org/view.php?id=CVE-2014-3660
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. parser.c en libxml2 anterior a 2.9.2 no previene debidamente la expansión de entidades incluso cuando la substitución de entidades haya sido deshabilitada, lo que permite a atacantes dependientes de contexto causar una denegación de servicio (consumo de CPU) a través de un documento XML manipualdo que contiene un número grande de referencias de entidades anidadas, una variante del ataque del 'billón de risas'. A denial of service flaw was found in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML file that, when processed by an application using libxml2, would lead to excessive CPU consumption (denial of service) based on excessive entity substitutions, even if entity substitution was disabled, which is the parser default behavior. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00034.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://rhn.redhat.com/errata/RHSA-2014-1655.html http://rhn.redhat.com/errata/RHSA-2014-1885.html http://secunia.com/advisories/59903 http://s • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.0EPSS: 4%CPEs: 189EXPL: 0CVE-2013-2877 – libxml2: Out-of-bounds read via a document that ends abruptly
https://notcve.org/view.php?id=CVE-2013-2877
parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. parser.c en libxml2 anterior a 2.9.0 utilizada en Google Chrome anterior a 28.0.1500.71 y otros productos, permite a atacantes remotos provocar una denegación de servicio (lectura fuera de rango) a través de un documento que finaliza de golpe, relacionado con la falta de determinadas validaciones para el estado XML_PARSER_EOF. • ftp://xmlsoft.org/libxml2/libxml2-2.9.0.tar.gz http://git.chromium.org/gitweb/?p=chromium/chromium.git%3Ba=commit%3Bh=e5d7f7e5dc21d3ae7be3cbb949ac4d8701e06de1 http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00063.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00077.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.c • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 6.8EPSS: 1%CPEs: 135EXPL: 1CVE-2013-0339
https://notcve.org/view.php?id=CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because libxml2 already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed and each affected application would need its own CVE. libxml2 hasta 2.9.1 no controla correctamente la expansión de entidades externas a menos que un desarrollador de aplicaciones utilice la función xmlSAX2ResolveEntity o xmlSetExternalEntityLoader, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de recursos), enviar peticiones HTTP a los servidores de la intranet, o leer ficheros arbitrarios mediante un documento XML manipulada, también conocido una entidades externas XML (XXE) tema. NOTA: se podría argumentar que debido a que libxml2 ya ofrece la posibilidad de desactivar la expansión entidad externa, la responsabilidad de la solución de este problema se encuentra con los desarrolladores de aplicaciones, de acuerdo con este argumento, esta entrada debe ser rechazada y cada aplicación afectada tendría su propio CVE. • http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html http://openwall.com/lists/oss-security/2013/02/21/24 http://openwall.com/lists/oss-security/2013/02/22/3 http://seclists.org/oss-sec/2013/q4/182 http://seclists.org/oss-sec/2013/q4/184 http://seclists.org/oss-sec/2013/q4/188 http://secunia.com/advisories/52662 http://secunia.com/advisories/54172 http://secunia.com/advisories/55568 http://www.debian.org/security/2013/dsa-2652 • CWE-264: Permissions, Privileges, and Access Controls •