CVE-2016-4448 : Format string vulnerability in libxml2 before 2.9.4 allows attackers to have uns

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Published 2016-06-09 16:59:07

Updated 2023-02-12 23:21:19

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2016-4448

HP » Icewall Federation Agent » Version: 3.0
cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
Matching versions
When used together with: Redhat » Enterprise Linux » Version: 6.0
When used together with: Redhat » Enterprise Linux » Version: 7.0
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 7.0
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.4
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Eus » Version: 7.5
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.3
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.6
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.7
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Tus » Version: 7.2
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
Matching versions
Slackware » Slackware Linux » Version: 14.0
cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
Matching versions
Slackware » Slackware Linux » Version: 14.1
cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
Matching versions
Apple » Mac Os X
Versions before (<) 10.11.6
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Matching versions
Apple » Itunes
Versions up to, including, (<=) 12.4.1
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Iphone Os
Versions up to, including, (<=) 9.3.2
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Matching versions
Apple » Watchos
Versions up to, including, (<=) 2.2.1
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Matching versions
Apple » Icloud
Versions before (<) 5.2.1
cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows » Version: N/A
Apple » Tvos
Versions up to, including, (<=) 9.2.1
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 6
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
Matching versions
Oracle » Linux » Version: 7 Update
cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*
Matching versions
Oracle » Vm Server » Version: 3.3
cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
Matching versions
Oracle » Vm Server » Version: 3.4
cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
Matching versions
Mcafee » Web Gateway
Versions from including (>=) 7.6.0.0 and up to, including, (<=) 7.6.2.3
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Matching versions
Mcafee » Web Gateway
Versions up to, including, (<=) 7.5.2.10
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
Matching versions
Xmlsoft » Libxml2
Versions up to, including, (<=) 2.9.3
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
Matching versions
Tenable » Log Correlation Engine » Version: 4.8.0
cpe:2.3:a:tenable:log_correlation_engine:4.8.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2016-4448

Top countries where our scanners detected CVE-2016-4448

Top open port discovered on systems with this issue 548

IPs affected by CVE-2016-4448 1,256

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2016-4448!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2016-4448

EPSS FAQ

2.18%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 83 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-4448

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-4448

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-4448

https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9

Vendor Advisory
https://support.apple.com/HT206905

About the security content of tvOS 9.2.2 - Apple Support
Release Notes

CVEs referencing this url
https://support.apple.com/HT206899

About the security content of iCloud for Windows 5.2.1 - Apple Support
Release Notes

CVEs referencing this url
https://support.apple.com/HT206903

About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support
Release Notes

CVEs referencing this url
http://www.securitytracker.com/id/1036348

Apple macOS/OS X Multiple Flaws Let Remote and Local Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

Apple - Lists.apple.com
Mailing List;Release Notes

CVEs referencing this url
http://xmlsoft.org/news.html

Releases
Release Notes

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Oracle Solaris Bulletin - July 2016
Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

Apple - Lists.apple.com
Mailing List;Release Notes

CVEs referencing this url
https://access.redhat.com/errata/RHSA-2016:1292

RHSA-2016:1292 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2016-2957.html

RHSA-2016:2957 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

HPSBGN03628 rev.1 - HPE IceWall Federation Agent using libXML2 library, Remote Denial of Service (DoS), Unauthorized Modification, Unauthorized Disclosure of Information
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT206902

About the security content of iOS 9.3.3 - Apple Support
Release Notes

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1338700

1338700 – (CVE-2016-4448) CVE-2016-4448 libxml2: Format string vulnerability
Issue Tracking;Third Party Advisory
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

The Slackware Linux Project: Slackware Security Advisories
Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

Apple - Lists.apple.com
Mailing List;Release Notes

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

Apple - Lists.apple.com
Mailing List;Release Notes

CVEs referencing this url
http://www.securityfocus.com/bid/90856

Libxml2 CVE-2016-4448 Remote Format String Vulnerability
Third Party Advisory;VDB Entry
https://www.tenable.com/security/tns-2016-18

[R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable®
Third Party Advisory

CVEs referencing this url
https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b

More format string warnings with possible format string vulnerability (502f6a6d) · Commits · GNOME / libxml2 · GitLab
Vendor Advisory
https://support.apple.com/HT206901

About the security content of iTunes 12.4.2 for Windows - Apple Support
Release Notes

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

Apple - Lists.apple.com
Mailing List;Release Notes

CVEs referencing this url
https://kc.mcafee.com/corporate/index?page=content&id=SB10170

McAfee Security Bulletin: McAfee Web Gateway update fixes several vulnerabilities related to xml parsing
Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Oracle VM Server for x86 Bulletin - July 2016
Vendor Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2016/05/25/2

oss-security - 3 libxml2 issues
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Oracle Linux Bulletin - July 2016
Third Party Advisory

CVEs referencing this url
https://support.apple.com/HT206904

About the security content of watchOS 2.2.2 - Apple Support
Release Notes

CVEs referencing this url