CVE-2016-9597

libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

Se ha descubierto que el erratum de Red Hat JBoss Core Services RHSA-2016:2957 para CVE-2016-3705 no incluía la solución al problema en libxml2, lo que lo hace vulnerable a un ataque de denegación de servicio (DoS) debido a un desbordamiento de pila. Este es un CVE de regresión para el mismo problema que CVE-2016-3705.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2016-11-23 CVE Reserved
2018-07-30 CVE Published
2024-06-08 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-674: Uncontrolled Recursion

CAPEC

References (4)

URL	Tag	Source
http://www.securityfocus.com/bid/98567	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9597	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2016-9597	2018-08-16
https://bugzilla.redhat.com/show_bug.cgi?id=1408305	2018-08-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				15.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Xmlsoft Search vendor "Xmlsoft"		Libxml2 Search vendor "Xmlsoft" for product "Libxml2"				2.9.3 Search vendor "Xmlsoft" for product "Libxml2" and version "2.9.3"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Hp Search vendor "Hp"		Icewall Federation Agent Search vendor "Hp" for product "Icewall Federation Agent"				3.0 Search vendor "Hp" for product "Icewall Federation Agent" and version "3.0"		-		Affected
Hp Search vendor "Hp"		Icewall File Manager Search vendor "Hp" for product "Icewall File Manager"				3.0 Search vendor "Hp" for product "Icewall File Manager" and version "3.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.1 Search vendor "Opensuse" for product "Leap" and version "42.1"		-		Affected