CVE-2016-0729
xerces-c: parser crashes on malformed input
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
Múltiples desbordamientos en (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp y (3) util/XMLUri.cpp en la librería XML Parser en Apache Xerces-C en versiones anteriores a 3.1.3 permite a atacantes remotos causar una denegación de servicio (fallo de segmentación o corrupción de memoria) o posiblemente ejecutar código arbitrario a través de un documento manipulado.
It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-12-16 CVE Reserved
- 2016-02-25 CVE Published
- 2024-08-05 CVE Updated
- 2024-08-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html | X_refsource_misc |
|
| http://svn.apache.org/viewvc?view=revision&revision=1727978 | X_refsource_confirm | |
| http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/537620/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/83423 | Vdb Entry | |
| http://www.securitytracker.com/id/1035113 | Vdb Entry | |
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Samsung Search vendor "Samsung" | X14j Firmware Search vendor "Samsung" for product "X14j Firmware" | t-ms14jakucb-1102.5 Search vendor "Samsung" for product "X14j Firmware" and version "t-ms14jakucb-1102.5" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 22 Search vendor "Fedoraproject" for product "Fedora" and version "22" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 23 Search vendor "Fedoraproject" for product "Fedora" and version "23" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 24 Search vendor "Fedoraproject" for product "Fedora" and version "24" | - |
Affected
| ||||||