CVE-2016-4658

HIGH

Description

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

References

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

http://www.securityfocus.com/bid/93054

http://www.securitytracker.com/id/1036858

http://www.securitytracker.com/id/1038623

https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b

https://security.gentoo.org/glsa/201701-37

https://support.apple.com/HT207141

https://support.apple.com/HT207142

https://support.apple.com/HT207143

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-09-25

Updated: 2019-03-13

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Vulnerable Software

Configuration 1

OR

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*

Tenable Plugins

View all (24 total)

IDNameProductFamilySeverity
129559Amazon Linux 2 : libxml2 (ALAS-2019-1301)NessusAmazon Linux Local Security Checks
critical
129206EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2013)NessusHuawei Local Security Checks
critical
128910EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858)NessusHuawei Local Security Checks
critical
126553EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2019-1711)NessusHuawei Local Security Checks
critical
126426EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1685)NessusHuawei Local Security Checks
critical
106828Fedora 26 : libxml2 (2018-a6b59d8f78)NessusFedora Local Security Checks
critical
106521Fedora 27 : libxml2 (2018-db610fff5b)NessusFedora Local Security Checks
critical
99492Fedora 24 : libxml2 (2017-be8574d593)NessusFedora Local Security Checks
critical
99491Fedora 25 : libxml2 (2017-a3a47973eb)NessusFedora Local Security Checks
critical
97793Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libxml2 vulnerabilities (USN-3235-1)NessusUbuntu Local Security Checks
critical
97116openSUSE Security Update : libxml2 (openSUSE-2017-244)NessusSuSE Local Security Checks
critical
97015SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2017:0380-1)NessusSuSE Local Security Checks
critical
96541GLSA-201701-37 : libxml2: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
96101Debian DSA-3744-1 : libxml2 - security updateNessusDebian Local Security Checks
critical
94598openSUSE Security Update : libxml2 (openSUSE-2016-1265)NessusSuSE Local Security Checks
critical
94529openSUSE Security Update : libxml2 (openSUSE-2016-1259)NessusSuSE Local Security Checks
critical
94448Debian DLA-691-1 : libxml2 security updateNessusDebian Local Security Checks
critical
94320SUSE SLES11 Security Update : libxml2 (SUSE-SU-2016:2652-1)NessusSuSE Local Security Checks
critical
94319SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2016:2650-1)NessusSuSE Local Security Checks
critical
9620Mac OS X 10.x < 10.12 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
9621Apple TV < 10.0 Multiple VulnerabilitiesNessus Network MonitorInternet Services
critical
9619Apple iOS < 10.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical
93776Apple TV < 10 Multiple VulnerabilitiesNessusMisc.
critical
93685macOS < 10.12 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical