7.5

CVE-2016-3627

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Data is provided by the National Vulnerability Database (NVD)
Opensuse Leap Version 42.1
Debian Debian Linux Version 8.0
Hp Icewall Federation Agent Version 3.0
Hp Icewall File Manager Version 3.0
Xmlsoft Libxml2 Version <= 2.9.3
Canonical Ubuntu Linux Version 12.04 SwEdition lts
Canonical Ubuntu Linux Version 14.04 SwEdition lts
Canonical Ubuntu Linux Version 15.10
Canonical Ubuntu Linux Version 16.04 SwEdition lts
Redhat Enterprise Linux Eus Version 7.2
Redhat Enterprise Linux Eus Version 7.3
Redhat Enterprise Linux Eus Version 7.4
Redhat Enterprise Linux Eus Version 7.5
Redhat Enterprise Linux Eus Version 7.6
Redhat Enterprise Linux Eus Version 7.7
Oracle Vm Server Version 3.3 HwPlatform x86
Oracle Vm Server Version 3.4 HwPlatform x86
Oracle Solaris Version 11.3
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 0.29% | 0.523 |
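CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |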
CWE-674 Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

http://seclists.org/fulldisclosure/2016/May/10 (Patch, Third Party Advisory, Mailing List)
http://www.securityfocus.com/bid/84992 (Third Party Advisory, Broken Link, VDB Entry)
http://www.securitytracker.com/id/1035335 (Third Party Advisory, Broken Link, VDB Entry)