PT-2015-5191 · Google+9 · Google Chrome+9

Publicado

2015-07-21

·

Atualizado

2025-01-13

·

CVE-2015-1283

CVSS v2.0

6.8

Média

VetorAV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Expat versions through 2.1.0 Google Chrome versions prior to 44.0.2403.89
Description The issue is caused by multiple integer overflows in the XML GetBuffer function in Expat, which can be exploited by remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have other unspecified impacts via crafted XML data.
Recommendations For Expat versions through 2.1.0, update to a version later than 2.1.0 to resolve the issue. For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue.

Exploit

Correção

DoS

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

ALT-PU-2015-1729
ALT-PU-2017-2088
ALT-PU-2017-2598
ALT-PU-2017-2851
CVE-2015-1283
DLA-281-1
DSA-3315-1
DSA-3318-1
DSA-3582-1
MGASA-2015-0285
OPENSUSE-SU-2015_1287-1
OPENSUSE-SU-2016_1441-1
OPENSUSE-SU-2016_1523-1
OPENSUSE-SU-2024:10077-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
PSF-2015-1
RHSA-2015:1499
RHSA-2015_1499
SUSE-SU-2016:1508-1
SUSE-SU-2016:1512-1
SUSE-SU-2016_1508-1
SUSE-SU-2016_1512-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
USN-2677-1
USN-2726-1
USN-3013-1
USN-4772-1
USN-5455-1
USN-7199-1

Produtos afetados

Alt Linux
Debian
Expat
Google Chrome
Linuxmint
Opera
Red Hat
Suse
Ubuntu
Itunes