Vulnerability Details : CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2016-0718
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*
- cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
- cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Threat overview for CVE-2016-0718
Top countries where our scanners detected CVE-2016-0718
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-0718 48,995
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-0718!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-0718
4.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-0718
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-0718
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-0718
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
[security-announce] SUSE-SU-2016:1508-1: important: Security update forThird Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=1296102
1296102 – (CVE-2016-0718) CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crashIssue Tracking;Third Party Advisory
-
https://support.apple.com/HT206903
About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple SupportThird Party Advisory
-
http://www.securitytracker.com/id/1036348
Apple macOS/OS X Multiple Flaws Let Remote and Local Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
[security-announce] openSUSE-SU-2016:2026-1: important: Security updateThird Party Advisory
-
https://security.gentoo.org/glsa/201701-21
Expat: Multiple vulnerabilities (GLSA 201701-21) — Gentoo securityThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2016-2824.html
RHSA-2016:2824 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
1236923 - (CVE-2016-0718) Heap read out-of-bound and crash in expat 2.1.0Issue Tracking;Third Party Advisory
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Oracle Solaris Bulletin - July 2016Third Party Advisory
-
https://www.tenable.com/security/tns-2016-20
[R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities - Security Advisory | Tenable®Third Party Advisory
-
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
Apple - Lists.apple.comMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
[security-announce] openSUSE-SU-2016:1523-1: important: Security updateThird Party Advisory
-
http://www.securitytracker.com/id/1036415
Tenable Nessus Buffer Overflow in Expat Library Lets Remote Authenticated Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
[security-announce] SUSE-SU-2016:1512-1: important: Security update forThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2983-1
USN-2983-1: Expat vulnerability | Ubuntu security noticesThird Party Advisory
-
http://www.securityfocus.com/bid/90729
Expat CVE-2016-0718 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
[security-announce] openSUSE-SU-2016:1964-1: important: Security updateThird Party Advisory
-
http://www.securitytracker.com/id/1037705
IBM Security Network Protection Buffer Overflow in Expat Library Lets Remote Users Execute Arbitrary Code - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
Out-of-bounds read during XML parsing in Expat library — MozillaThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
[security-announce] openSUSE-SU-2016:1441-1: important: Security updateThird Party Advisory
-
http://www.ubuntu.com/usn/USN-3044-1
USN-3044-1: Firefox vulnerabilities | Ubuntu security noticesThird Party Advisory
-
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
CPU July 2018Patch;Third Party Advisory
-
http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
ESET Endpoint Antivirus 6 Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://source.android.com/security/bulletin/2016-11-01.html
Android Security Bulletin—November 2016 | Android Open Source ProjectThird Party Advisory
-
http://seclists.org/fulldisclosure/2017/Feb/68
Full Disclosure: CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6Mailing List;Third Party Advisory
-
http://www.debian.org/security/2016/dsa-3582
Debian -- Security Information -- DSA-3582-1 expatThird Party Advisory
-
http://support.eset.com/ca6333/
Remote execution and privilege escalation vulnerabilities in ESET products for macOS fixed—ESET KnowledgebaseThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2016/05/17/12
oss-security - CVE-2016-0718: Expat XML Parser Crashes on Malformed InputMailing List;Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2018:2486
RHSA-2018:2486 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
Security Bulletin - Policy Auditor update fixes multiple vulnerabilities in third-party libraries (CVE-2016-0718, CVE-2016-4472, CVE-2016-5300, CVE-2017-17740, CVE-2017-9287, CVE-2019-13057, CVE-2020-Third Party Advisory
Jump to