CVE-2016-3705
libxml2: stack overflow before detecting invalid XML file
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
Las funciones (1) xmlParserEntityCheck y (2) xmlParseAttValueComplex en parser.c en libxml2 2.9.3 no hace seguimiento de manera adecuada de la profundidad de recursividad, lo que permite a atacantes dependientes del contexto provocar una denegación de servicio (consumo de pila y caída de la aplicación) a través de un documento XML manipulado que contiene un gran número de referencias de entidades anidadas.
Missing incrementation of recursion depth counter were found in the xmlParserEntityCheck() and xmlParseAttValueComplex() functions used for parsing XML data. An attacker could launch a Denial of Service attack by passing specially crafted XML data to an application, forcing it to crash due to stack exhaustion.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-03-30 CVE Reserved
- 2016-05-17 CVE Published
- 2023-07-10 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-674: Uncontrolled Recursion
CAPEC
References (18)
URL | Tag | Source |
---|---|---|
http://seclists.org/fulldisclosure/2016/May/10 | Mailing List | |
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html | X_refsource_confirm | |
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | X_refsource_confirm | |
http://www.securityfocus.com/bid/89854 | Vdb Entry | |
https://bugzilla.gnome.org/show_bug.cgi?id=765207 | X_refsource_confirm | |
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239 | X_refsource_confirm | |
https://kc.mcafee.com/corporate/index?page=content&id=SB10170 | X_refsource_confirm | |
https://www.tenable.com/security/tns-2016-18 | X_refsource_confirm |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html | 2023-02-12 | |
http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html | 2023-02-12 | |
http://rhn.redhat.com/errata/RHSA-2016-2957.html | 2023-02-12 | |
http://www.ubuntu.com/usn/USN-2994-1 | 2023-02-12 | |
https://access.redhat.com/errata/RHSA-2016:1292 | 2023-02-12 | |
https://security.gentoo.org/glsa/201701-37 | 2023-02-12 | |
https://www.debian.org/security/2016/dsa-3593 | 2023-02-12 | |
https://access.redhat.com/security/cve/CVE-2016-3705 | 2016-12-15 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1332443 | 2016-12-15 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Xmlsoft Search vendor "Xmlsoft" | Libxml2 Search vendor "Xmlsoft" for product "Libxml2" | 2.9.3 Search vendor "Xmlsoft" for product "Libxml2" and version "2.9.3" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Hp Search vendor "Hp" | Icewall Federation Agent Search vendor "Hp" for product "Icewall Federation Agent" | 3.0 Search vendor "Hp" for product "Icewall Federation Agent" and version "3.0" | - |
Affected
| ||||||
Hp Search vendor "Hp" | Icewall File Manager Search vendor "Hp" for product "Icewall File Manager" | 3.0 Search vendor "Hp" for product "Icewall File Manager" and version "3.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 42.1 Search vendor "Opensuse" for product "Leap" and version "42.1" | - |
Affected
|