Vulnerability CVE-2016-1834: Information

Description

Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: May 20, 2016
Modified: March 25, 2019
Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://support.apple.com/HT206566
  • Vendor Advisory
APPLE-SA-2016-05-16-3
  • Mailing List
  • Vendor Advisory
https://support.apple.com/HT206567
  • Vendor Advisory
https://support.apple.com/HT206568
  • Vendor Advisory
https://support.apple.com/HT206564
  • Vendor Advisory
APPLE-SA-2016-05-16-1
  • Mailing List
  • Vendor Advisory
APPLE-SA-2016-05-16-2
  • Mailing List
  • Vendor Advisory
APPLE-SA-2016-05-16-4
  • Mailing List
  • Vendor Advisory
DSA-3593
  • Third Party Advisory
USN-2994-1
  • Third Party Advisory
RHSA-2016:1292
  • Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=763071
  • Exploit
  • Issue Tracking
  • Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704
  • Patch
  • Third Party Advisory
http://xmlsoft.org/news.html
  • Release Notes
  • Vendor Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  • Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  • Third Party Advisory
1035890
  • Third Party Advisory
  • VDB Entry
https://kc.mcafee.com/corporate/index?page=content&id=SB10170
  • Patch
  • Third Party Advisory
https://www.tenable.com/security/tns-2016-18
  • Third Party Advisory
90691
  • Third Party Advisory
  • VDB Entry
RHSA-2016:2957
  • Third Party Advisory
      Configuration 1

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*

      cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

      Configuration 2

      cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
      End excluding
      9.3.2

      cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
      End excluding
      10.11.5

      cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
      End excluding
      9.2.1

      cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
      End excluding
      2.2.1

      Configuration 3

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

      Configuration 4

      cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

      cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

      Configuration 5

      cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
      End excluding
      2.9.4

      Configuration 6

      cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
      Start including
      7.5.0.0
      End including
      7.5.2.10

      cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
      Start including
      7.6.0.0
      End including
      7.6.2.3