Vulnerability Details: CVE-2016-3705
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2016-3705
- cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:2.9.3:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-3705
- 1.09%: Probability of exploitation activity in the next 30 days
- ~82%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-3705
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2016-3705
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3705
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
  Oracle Solaris Bulletin - July 2016
- https://access.redhat.com/errata/RHSA-2016:1292
  RHSA-2016:1292 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2016-2957.html
  RHSA-2016:2957 - Security Advisory - Red Hat Customer Portal
- https://security.gentoo.org/glsa/201701-37
  libxml2: Multiple vulnerabilities (GLSA 201701-37) — Gentoo security
- http://www.ubuntu.com/usn/USN-2994-1
  USN-2994-1: libxml2 vulnerabilities | Ubuntu security notices
- http://www.securityfocus.com/bid/89854
  libxml2 CVE-2016-3705 Stack Buffer Overflow Vulnerability
- https://bugzilla.gnome.org/show_bug.cgi?id=765207
  Bug 765207 – Stack exhaustion parsing xml in parser
- https://www.tenable.com/security/tns-2016-18
  [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®
- https://www.debian.org/security/2016/dsa-3593
  Debian -- Security Information -- DSA-3593-1 libxml2
- http://seclists.org/fulldisclosure/2016/May/10
  Full Disclosure: CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)
- https://kc.mcafee.com/corporate/index?page=content&id=SB10170
  McAfee Security Bulletin: McAfee Web Gateway update fixes several vulnerabilities related to xml parsing
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239
  HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using libXML2 library, Remote Denial of Service (DoS)
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  Oracle VM Server for x86 Bulletin - July 2016
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html
  openSUSE-SU-2016:1446-1: moderate: Security update for libxml2
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  Oracle Linux Bulletin - July 2016
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html
  openSUSE-SU-2016:1298-1: moderate: Security update for libxml2