CVE-2015-8035

CVE Details

Release Date:

2021-01-28

Description

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

See more information about CVE-2015-8035 from MITRE CVE dictionary and NIST NVD

CVSS v3.0 metrics

NOTE: The following CVSS v3.0 metrics and score provided are preliminary and subject to review.

Base Score:		Base Metrics:
Access Vector:	Undefined	Attack Complexity:	Undefined
Privileges Required:	None	User Interaction:	None
Scope:	Unchanged	Confidentiality Impact:	Undefined
Integrity Impact:	Undefined	Availability Impact:	Undefined

Errata information

Platform	Errata	Release Date
Oracle Linux version 7 (libxml2)	ELSA-2020-1190	2020-04-06

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team