8.1
CVE-2016-1762
- EPSS 6.47%
- Veröffentlicht 24.03.2016 01:59:30
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle product-security@apple.com
- CVE-Watchlists
- Unerledigt
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version7.2
Redhat ≫ Enterprise Linux Server Aus Version7.3
Redhat ≫ Enterprise Linux Server Aus Version7.4
Redhat ≫ Enterprise Linux Server Aus Version7.6
Redhat ≫ Enterprise Linux Server Eus Version7.2
Redhat ≫ Enterprise Linux Server Eus Version7.3
Redhat ≫ Enterprise Linux Server Eus Version7.4
Redhat ≫ Enterprise Linux Server Eus Version7.5
Redhat ≫ Enterprise Linux Server Eus Version7.6
Redhat ≫ Enterprise Linux Server Tus Version7.2
Redhat ≫ Enterprise Linux Server Tus Version7.3
Redhat ≫ Enterprise Linux Server Tus Version7.6
Redhat ≫ Enterprise Linux Workstation Version6.0
Redhat ≫ Enterprise Linux Workstation Version7.0
Mcafee ≫ Web Gateway Version <= 7.5.2.10
Mcafee ≫ Web Gateway Version > 7.5.2.11 <= 7.6.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.47% | 0.929 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:P
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
http://xmlsoft.org/news.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
https://support.apple.com/HT206167
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
https://support.apple.com/HT206166
https://support.apple.com/HT206168
https://support.apple.com/HT206169
http://www.securitytracker.com/id/1035353
http://www.ubuntu.com/usn/USN-2994-1
https://www.debian.org/security/2016/dsa-3593
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html
https://support.apple.com/HT206171
http://www.securityfocus.com/bid/85059
https://access.redhat.com/errata/RHSA-2016:1292
https://bugzilla.gnome.org/show_bug.cgi?id=759671
https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
https://kc.mcafee.com/corporate/index?page=content&id=SB10170