CVE-2016-5131

MEDIUM

Description

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

References

http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00006.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00010.html

http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00021.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00022.html

http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00028.html

http://rhn.redhat.com/errata/RHSA-2016-1485.html

http://www.debian.org/security/2016/dsa-3637

http://www.securityfocus.com/bid/92053

http://www.securitytracker.com/id/1036428

http://www.securitytracker.com/id/1038623

http://www.ubuntu.com/usn/USN-3041-1

https://bugzilla.redhat.com/show_bug.cgi?id=1358641

https://codereview.chromium.org/2127493002

https://crbug.com/623378

https://security.gentoo.org/glsa/201610-09

https://security.gentoo.org/glsa/201701-37

https://source.android.com/security/bulletin/2017-05-01

https://support.apple.com/HT207141

https://support.apple.com/HT207142

https://support.apple.com/HT207143

https://support.apple.com/HT207170

Details

Source: MITRE

Published: 2016-07-23

Updated: 2019-03-26

Type: CWE-416

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (37 total)

IDNameProductFamilySeverity
143920NewStart CGSL CORE 5.05 / MAIN 5.05 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0091)NessusNewStart CGSL Local Security Checks
medium
143906NewStart CGSL CORE 5.04 / MAIN 5.04 : libxml2 Multiple Vulnerabilities (NS-SA-2020-0060)NessusNewStart CGSL Local Security Checks
medium
139549Amazon Linux AMI : libxml2 (ALAS-2020-1415)NessusAmazon Linux Local Security Checks
medium
138855Amazon Linux 2 : libxml2 (ALAS-2020-1466)NessusAmazon Linux Local Security Checks
medium
135819Scientific Linux Security Update : libxml2 on SL7.x x86_64 (20200407)NessusScientific Linux Local Security Checks
medium
135358CentOS 7 : libxml2 (CESA-2020:1190)NessusCentOS Local Security Checks
medium
135071RHEL 7 : libxml2 (RHSA-2020:1190)NessusRed Hat Local Security Checks
medium
110732EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2018-1156)NessusHuawei Local Security Checks
high
109487EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2018-1089)NessusHuawei Local Security Checks
critical
109486EulerOS 2.0 SP1 : libxml2 (EulerOS-SA-2018-1088)NessusHuawei Local Security Checks
high
106828Fedora 26 : libxml2 (2018-a6b59d8f78)NessusFedora Local Security Checks
critical
106741openSUSE Security Update : libxml2 (openSUSE-2018-154)NessusSuSE Local Security Checks
medium
106708SUSE SLED12 / SLES12 Security Update : libxml2 (SUSE-SU-2018:0401-1)NessusSuSE Local Security Checks
medium
106707SUSE SLES11 Security Update : libxml2 (SUSE-SU-2018:0395-1)NessusSuSE Local Security Checks
medium
106521Fedora 27 : libxml2 (2018-db610fff5b)NessusFedora Local Security Checks
critical
99492Fedora 24 : libxml2 (2017-be8574d593)NessusFedora Local Security Checks
critical
99491Fedora 25 : libxml2 (2017-a3a47973eb)NessusFedora Local Security Checks
critical
97793Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : libxml2 vulnerabilities (USN-3235-1)NessusUbuntu Local Security Checks
critical
96541GLSA-201701-37 : libxml2: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
96101Debian DSA-3744-1 : libxml2 - security updateNessusDebian Local Security Checks
critical
94448Debian DLA-691-1 : libxml2 security updateNessusDebian Local Security Checks
critical
94420GLSA-201610-09 : Chromium: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
9620Mac OS X 10.x < 10.12 Multiple VulnerabilitiesNessus Network MonitorOperating System Detection
critical
9619Apple iOS < 10.0 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical
93776Apple TV < 10 Multiple VulnerabilitiesNessusMisc.
critical
93685macOS < 10.12 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
802027Chrome < 52.0.2743.82 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
9480Google Chrome < 52.0.2743.82 Multiple VulnerabilitesNessus Network MonitorWeb Clients
critical
92784Ubuntu 14.04 LTS / 16.04 LTS : oxide-qt vulnerabilities (USN-3041-1)NessusUbuntu Local Security Checks
high
92666Debian DSA-3637-1 : chromium-browser - security updateNessusDebian Local Security Checks
high
92655openSUSE Security Update : Chromium (openSUSE-2016-919)NessusSuSE Local Security Checks
high
92629Google Chrome < 52.0.2743.82 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
high
92628Google Chrome < 52.0.2743.82 Multiple VulnerabilitiesNessusWindows
high
92552RHEL 6 : chromium-browser (RHSA-2016:1485)NessusRed Hat Local Security Checks
high
92551openSUSE Security Update : Chromium (openSUSE-2016-901)NessusSuSE Local Security Checks
high
92550openSUSE Security Update : Chromium (openSUSE-2016-900)NessusSuSE Local Security Checks
high
92537FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)NessusFreeBSD Local Security Checks
high