rpm package
suse/tidy&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/tidy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5523 | — | | | < 1.0-37.1 | 1.0-37.1 | Aug 11, 2015 | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation. |
| CVE-2015-5522 | — | | | < 1.0-37.1 | 1.0-37.1 | Aug 11, 2015 | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. |