CVE-2015-5522
NONE EPSS 90.6%
Published Aug 11, 201510y ago · Modified Jun 17, 20262w ago
Published Aug 11, 2015 10y ago
Last Modified Jun 17, 2026 2w ago
Description
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.
Threat Intelligence
EPSS Exploit Probability
90.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 9
References 14
- lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
- lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
- lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
- debian.org http://www.debian.org/security/2015/dsa-3309
- openwall.com http://www.openwall.com/lists/oss-security/2015/06/04/2
- openwall.com http://www.openwall.com/lists/oss-security/2015/07/13/7
- openwall.com http://www.openwall.com/lists/oss-security/2015/07/15/3
- securityfocus.com http://www.securityfocus.com/bid/75037
- securitytracker.com http://www.securitytracker.com/id/1033703
- ubuntu.com http://www.ubuntu.com/usn/USN-2695-1
- github.com https://github.com/htacg/tidy-html5/issues/217
- support.apple.com https://support.apple.com/HT205212
- support.apple.com https://support.apple.com/HT205213
- support.apple.com https://support.apple.com/HT205267
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.