rpm package
opensuse/tidy&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/tidy&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5523 | — | < 5.2.0-2.3 | 5.2.0-2.3 | Aug 11, 2015 | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. | ||
| CVE-2015-5522 | — | < 5.2.0-2.3 | 5.2.0-2.3 | Aug 11, 2015 | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. |
- CVE-2015-5523Aug 11, 2015affected < 5.2.0-2.3fixed 5.2.0-2.3
The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.
- CVE-2015-5522Aug 11, 2015affected < 5.2.0-2.3fixed 5.2.0-2.3
Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.