Vulnerability Details : CVE-2016-5131
Potential exploit
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2016-5131
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5131
4.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5131
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST | |
|
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2016-5131
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5131
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html
[security-announce] openSUSE-SU-2016:1868-1: important: Security update
-
https://support.apple.com/HT207142
About the security content of tvOS 10 - Apple Support
-
https://support.apple.com/HT207143
About the security content of iOS 10 - Apple Support
-
http://www.ubuntu.com/usn/USN-3041-1
USN-3041-1: Oxide vulnerabilities | Ubuntu security notices
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html
[security-announce] openSUSE-SU-2016:1869-1: important: Security update
-
https://crbug.com/623378
623378 - Security: UAF related to XPointer range-to function - chromium - Monorail
-
http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html
Chrome Releases: Stable Channel Update
-
https://support.apple.com/HT207141
About the security content of watchOS 3 - Apple Support
-
http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html
Apple - Lists.apple.com
-
https://security.gentoo.org/glsa/201701-37
libxml2: Multiple vulnerabilities (GLSA 201701-37) — Gentoo security
-
http://www.debian.org/security/2016/dsa-3637
Debian -- Security Information -- DSA-3637-1 chromium-browser
-
http://www.securityfocus.com/bid/92053
Google Chrome Prior to 52.0.2743.82 Multiple Security Vulnerabilities
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html
[security-announce] openSUSE-SU-2016:1865-1: important: Security update
-
http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
Apple - Lists.apple.com
-
https://codereview.chromium.org/2127493002
Issue 2127493002: Delete obsolete XPointer range-to function. - Code Review
-
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html
[security-announce] openSUSE-SU-2016:1918-1: important: Security update
-
http://www.securitytracker.com/id/1038623
Google Android Multiple Flaws Let Remote Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code and Let Local Apps Gain Elevated Privileges - SecurityTracker
-
http://rhn.redhat.com/errata/RHSA-2016-1485.html
RHSA-2016:1485 - Security Advisory - Red Hat Customer Portal
-
https://security.gentoo.org/glsa/201610-09
Chromium: Multiple vulnerabilities (GLSA 201610-09) — Gentoo security
-
http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
Apple - Lists.apple.com
-
https://source.android.com/security/bulletin/2017-05-01
Android Security Bulletin—May 2017 | Android Open Source Project
-
https://support.apple.com/HT207170
About the security content of macOS Sierra 10.12 - Apple Support
-
http://www.securitytracker.com/id/1036428
Google Chrome Multiple Flaws Lets Remote Users Bypass Same-Origin Restrictions, Obtain Potentially Sensitive Information, Spoof URLs, and Execute Arbitrary Code - SecurityTracker
-
http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html
Apple - Lists.apple.com
-
https://bugzilla.redhat.com/show_bug.cgi?id=1358641
1358641 – (CVE-2016-5131) CVE-2016-5131 libxml2: use after free triggered by XPointer paths beginning with range-to
Jump to