14 results (0.013 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705. Se ha descubierto que el erratum de Red Hat JBoss Core Services RHSA-2016:2957 para CVE-2016-3705 no incluía la solución al problema en libxml2, lo que lo hace vulnerable a un ataque de denegación de servicio (DoS) debido a un desbordamiento de pila. Este es un CVE de regresión para el mismo problema que CVE-2016-3705. • http://www.securityfocus.com/bid/98567 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597 https://access.redhat.com/security/cve/CVE-2016-9597 https://bugzilla.redhat.com/show_bug.cgi?id=1408305 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674: Uncontrolled Recursion •

CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references. Las funciones (1) xmlParserEntityCheck y (2) xmlParseAttValueComplex en parser.c en libxml2 2.9.3 no hace seguimiento de manera adecuada de la profundidad de recursividad, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de pila y caída de la aplicación) a través de un documento XML manipulado que contiene un gran número de referencias de entidades anidadas. Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://seclists.org/fulldisclosure/2016/May/10 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/89854& • CWE-20: Improper Input Validation CWE-674: Uncontrolled Recursion •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document. La función xmlStringGetNodeList en tree.c en libxml2.2.9.3 y versiones anteriores, cuando se utiliza en modo de recuperación, permite a atacantes dependientes del contexto provocar una denegación de servicio (bucle infinito, consumo de pila y caída de la aplicación) a través de un docuumento XML manipulado. Missing recursive loop detection checks were found in the xmlParserEntityCheck() and xmlStringGetNodeList() functions of libxml2, causing application using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode could launch a Denial of Service on the application. libxml versions prior to 2.9.3 suffer from a stack overflow vulnerability when parsing a malicious file. • http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://seclists.org/fulldisclosure/2016/May/10 http://www.openwall.com/lists/oss-security/2016/03/21/2 http://www.openwall.com/lists/oss-security/2016/03/21/3 http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016& • CWE-674: Uncontrolled Recursion •

CVSS: 7.1EPSS: 0%CPEs: 17EXPL: 0

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. La función xmlStringLenDecodeEntities en parser.c en libxml2 en versiones anteriores a 2.9.3 no previene adecuadamente la expansión de entidad, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (consumo de CPU) a través de datos XML manipulados, una vulnerabilidad diferente a CVE-2014-3660. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html http://marc.info/?l=bugtraq&m=145382616617563&w=2 http://rhn.redhat • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 17EXPL: 0

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. La función xmlParseMisc en parser.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio (lectura de memoria dinámica fuera de rango) a través de vectores no especificados relacionados con límites de entidades y etiquetas de inicio incorrectos. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html http://marc.info/?l=bugtraq&m=145382616617563&w=2 http://rhn.redhat • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •