The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
http://rhn.redhat.com/errata/RHSA-2016-2957.html
http://www.debian.org/security/2016/dsa-3593
http://www.openwall.com/lists/oss-security/2016/05/03/8
http://www.openwall.com/lists/oss-security/2016/05/04/7
http://www.openwall.com/lists/oss-security/2016/06/07/4
http://www.openwall.com/lists/oss-security/2016/06/07/5
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
http://www.securityfocus.com/bid/90013
http://www.securitytracker.com/id/1036348
https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd
Source: MITRE
Published: 2017-04-11
Updated: 2020-09-11
Type: CWE-502
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
Base Score: 7.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
ID | Name | Product | Family | Severity |
---|---|---|---|---|
135636 | EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1474) | Nessus | Huawei Local Security Checks | medium |
134497 | EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1208) | Nessus | Huawei Local Security Checks | medium |
129206 | EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2013) | Nessus | Huawei Local Security Checks | critical |
128910 | EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858) | Nessus | Huawei Local Security Checks | critical |
128090 | EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1798) | Nessus | Huawei Local Security Checks | medium |
125636 | Symantec Content Analysis 2.3 < 2.3.1.1 affected by Multiple Vulnerabilities (SYMSA1377) | Nessus | Misc. | medium |
97893 | Tenable Log Correlation Engine (LCE) < 4.8.1 Multiple Vulnerabilities | Nessus | Misc. | critical |
96541 | GLSA-201701-37 : libxml2: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
93154 | SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:1604-1) | Nessus | SuSE Local Security Checks | critical |
93145 | FreeBSD : libxml2 -- multiple vulnerabilities (e195679d-045b-4953-bb33-be0073ba2ac6) | Nessus | FreeBSD Local Security Checks | high |
92497 | Mac OS X 10.9.5 and 10.10.5 Multiple Vulnerabilities (Security Update 2016-004) | Nessus | MacOS X Local Security Checks | critical |
92496 | Mac OS X 10.11.x < 10.11.6 Multiple Vulnerabilities | Nessus | MacOS X Local Security Checks | critical |
92494 | Apple TV < 9.2.2 Multiple Vulnerabilities | Nessus | Misc. | critical |
92411 | Apple iTunes < 12.4.2 Multiple Vulnerabilities (uncredentialed check) | Nessus | Peer-To-Peer File Sharing | critical |
92410 | Apple iTunes < 12.4.2 Multiple Vulnerabilities (credentialed check) | Nessus | Windows | critical |
92359 | Apple iOS < 9.3.3 Multiple Vulnerabilities | Nessus | Mobile Devices | critical |
91656 | SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:1538-1) | Nessus | SuSE Local Security Checks | critical |
91640 | openSUSE Security Update : libxml2 (openSUSE-2016-734) | Nessus | SuSE Local Security Checks | high |
91639 | openSUSE Security Update : libxml2 (openSUSE-2016-733) | Nessus | SuSE Local Security Checks | critical |
91499 | Ubuntu 12.04 LTS / 14.04 LTS / 15.10 / 16.04 LTS : libxml2 vulnerabilities (USN-2994-1) | Nessus | Ubuntu Local Security Checks | high |
91472 | Debian DLA-503-1 : libxml2 security update | Nessus | Debian Local Security Checks | high |
91447 | Debian DSA-3593-1 : libxml2 - security update | Nessus | Debian Local Security Checks | high |