The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
10 Feb 2024, 02:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* cpe:2.3:a:oracle:vm_server:3.3:*:*:*:*:*:x86:* cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* cpe:2.3:a:oracle:vm_server:3.4:*:*:*:*:*:x86:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.2:*:*:*:*:*:*:* cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* |
|
CWE | CWE-674 | |
First Time |
Oracle solaris
Redhat enterprise Linux Eus Redhat enterprise Linux Server Redhat enterprise Linux Desktop Redhat Redhat jboss Core Services Oracle vm Server Oracle Redhat enterprise Linux Server Aus Redhat enterprise Linux Workstation |
|
References | () http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html - Mailing List | |
References | () http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html - Mailing List | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2957.html - Third Party Advisory | |
References | () http://seclists.org/fulldisclosure/2016/May/10 - Mailing List, Patch, Third Party Advisory | |
References | () http://www.openwall.com/lists/oss-security/2016/03/21/2 - Mailing List, Patch | |
References | () http://www.openwall.com/lists/oss-security/2016/03/21/3 - Mailing List | |
References | () http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html - Patch, Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - Patch, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/84992 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1035335 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/USN-2994-1 - Third Party Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1292 - Third Party Advisory | |
References | () https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239 - Third Party Advisory | |
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10170 - Broken Link | |
References | () https://security.gentoo.org/glsa/201701-37 - Third Party Advisory | |
References | () https://www.debian.org/security/2016/dsa-3593 - Mailing List | |
References | () https://www.tenable.com/security/tns-2016-18 - Third Party Advisory |
Information
Published : 2016-05-17 14:08
Updated : 2024-02-10 02:43
NVD link : CVE-2016-3627
Mitre link : CVE-2016-3627
CVE.ORG link : CVE-2016-3627
JSON object : View
Products Affected
hp
- icewall_file_manager
- icewall_federation_agent
redhat
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_server_aus
- jboss_core_services
- enterprise_linux_eus
oracle
- vm_server
- solaris
xmlsoft
- libxml2
opensuse
- leap
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-674
Uncontrolled Recursion