7.5

CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseLeap Version42.1
DebianDebian Linux Version8.0
HpIcewall Federation Agent Version3.0
HpIcewall File Manager Version3.0
XmlsoftLibxml2 Version <= 2.9.3
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
RedhatEnterprise Linux Eus Version7.2
RedhatEnterprise Linux Eus Version7.3
RedhatEnterprise Linux Eus Version7.4
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
OracleVm Server Version3.3 HwPlatformx86
OracleVm Server Version3.4 HwPlatformx86
OracleSolaris Version11.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.03% 0.934
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Patch
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2957.html
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Patch
Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Patch
Third Party Advisory
https://security.gentoo.org/glsa/201701-37
Third Party Advisory
https://www.tenable.com/security/tns-2016-18
Third Party Advisory
http://www.ubuntu.com/usn/USN-2994-1
Third Party Advisory
https://www.debian.org/security/2016/dsa-3593
Mailing List
https://access.redhat.com/errata/RHSA-2016:1292
Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
Broken Link
http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html
Mailing List
http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html
Mailing List
http://seclists.org/fulldisclosure/2016/May/10
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2016/03/21/2
Patch
Mailing List
http://www.openwall.com/lists/oss-security/2016/03/21/3
Mailing List
http://www.securityfocus.com/bid/84992
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1035335
Third Party Advisory
Broken Link
VDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239
Third Party Advisory