CVE-2015-5522

NONE EPSS 90.6%
Published Aug 11, 201510y ago · Modified Jun 17, 20262w ago
Find Similar
Published Aug 11, 2015 10y ago
Last Modified Jun 17, 2026 2w ago

Description

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.

Threat Intelligence

EPSS Exploit Probability
90.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety

Affected Products 9

VendorProductVersionRange
htacgtidy* ≤4.9.30
canonicalubuntu_linux12.04any
canonicalubuntu_linux14.04any
canonicalubuntu_linux15.04any
debiandebian_linux7.0any
debiandebian_linux8.0any
appleiphone_os* ≤8.2
applemac_os_x* ≤10.6.8
applewatchos* ≤1.0.1

References 14

  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html
    Mailing ListThird Party Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html
    Mailing ListThird Party Advisory
  • lists.apple.com http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
    Mailing ListThird Party Advisory
  • debian.org http://www.debian.org/security/2015/dsa-3309
    Third Party Advisory
  • openwall.com http://www.openwall.com/lists/oss-security/2015/06/04/2
    Exploit
  • openwall.com http://www.openwall.com/lists/oss-security/2015/07/13/7
    Exploit
  • openwall.com http://www.openwall.com/lists/oss-security/2015/07/15/3
    Exploit
  • securityfocus.com http://www.securityfocus.com/bid/75037
  • securitytracker.com http://www.securitytracker.com/id/1033703
  • ubuntu.com http://www.ubuntu.com/usn/USN-2695-1
    Third Party Advisory
  • github.com https://github.com/htacg/tidy-html5/issues/217
    Exploit
  • support.apple.com https://support.apple.com/HT205212
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT205213
    Third Party Advisory
  • support.apple.com https://support.apple.com/HT205267
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.