Vulnerability CVE-2016-1762


Published: 2016-03-23   Modified: 2016-03-24

Description:
The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.

Type: CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Apple
Product: iPhone OS
Version: 9.2.1;
Product: Apple TV
Version: 9.1;
Product: tvOS
Version: 9.1;
Product: Safari
Version: 9.0.3; 9.0.2; 9.0.1; 8.0.8; 8.0.6; 8.0.5; 8.0.4; 8.0; 7.1.8; 7.1.6; 7.1.5; 7.1.4; 7.1; 7.0.5; 7.0.4; 7.0.3; 7.0.2; 7.0.1; 7.0; 6.2.8; 6.2.6; 6.2.5; 6.2.4; 6.1.5; 6.1.4; 6.1.3; 6.1.2; 6.1.1; 6.1; 6.0.5; 6.0.4; 6.0.3; 6.0.2; 6.0.1; 6.0; 5.1.7; 5.1.6; 5.1.5; 5.1.4; 5.1.3; 5.1.2; 5.1.1; 5.1; 5.0.6; 5.0.5; 5.0.4; 5.0.2; 5.0.1; 5.0; 4.1.2; 4.1.1; 4.1; 4.0.5; 4.0.4; 4.0.3; 4.0.2; 4.0.1; 4.0.0b; 4.0; 3.2.2b; 3.2.2; 3.2.1b; 3.2.1; 3.2.0b; 3.2.0; 3.1.2b; 3.1.2; 3.1.1b; 3.1.1; 3.1.0b; 3.1.0; 3.0.4b; 3.0.4; 3.0.3b; 3.0.3; 3.0.2b;
See more versions on NVD
Vendor: Debian
Product: Debian Linux
Version: 8.0;
Vendor: McAfee
Product: Web Gateway
Version: 7.6.2.3; 7.5.2.10;
Vendor: Red Hat
Product: Enterprise Linux Server TUS
Version: 7.6; 7.3; 7.2;
See more versions on NVD
Product: Enterprise Linux Server EUS
Version: 7.6; 7.5; 7.4; 7.3; 7.2;
See more versions on NVD
Product: Enterprise Linux Server AUS
Version: 7.6; 7.4; 7.3; 7.2;
See more versions on NVD
Product: Enterprise Linux Server
Version: 7.0; 6.0;
Product: Enterprise Linux Workstation
Version: 7.0; 6.0;
Product: Enterprise Linux Desktop
Version: 7.0; 6.0;

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:P)

CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: Partial

 References:
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/85059
http://www.securitytracker.com/id/1035353
http://www.ubuntu.com/usn/USN-2994-1
http://xmlsoft.org/news.html
https://access.redhat.com/errata/RHSA-2016:1292
https://bugzilla.gnome.org/show_bug.cgi?id=759671
https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
https://support.apple.com/HT206166
https://support.apple.com/HT206167
https://support.apple.com/HT206168
https://support.apple.com/HT206169
https://support.apple.com/HT206171
https://www.debian.org/security/2016/dsa-3593


Copyright 2019, cxsecurity.com

 
