What is CVE-2015-5312?

CVE-2015-5312 is a vulnerability in Apple Iphone_os, classified under CWE-399. Published 2015-12-15.

Is CVE-2015-5312 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Iphone_os

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a differe…

EPSS: 0.011 (78.2th percentile) — read the EPSS interpretation.

Affected products

Apple Iphone_os
Apple Mac_os_x
Apple Tvos
Apple Watchos
Hp Icewall_federation_agent — versions 3.0
Hp Icewall_file_manager — versions 3.0
Xmlsoft Libxml2
Canonical Ubuntu_linux — versions 12.04, 14.04, 15.04
Debian Debian_linux — versions 7.0, 8.0
Redhat Enterprise_linux_desktop — versions 6.0

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

RHSA-2015:2550 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
APPLE-SA-2016-03-21-5 (vendor-advisory, x_refsource_APPLE, Mailing List)
openSUSE-SU-2016:0106 (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
DSA-3430 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Issue Tracking)
APPLE-SA-2016-03-21-1 (vendor-advisory, x_refsource_APPLE)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-5312?: CVE-2015-5312 is a vulnerability in Apple Iphone_os, classified under CWE-399. Published 2015-12-15.
Is CVE-2015-5312 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.