Уязвимость CVE-2016-4472: Информация

Описание

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

Важность: HIGH (8,1) Вектор: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Исправленные пакеты

Ссылки на рекомендации, решения и инструменты

1. Подверженные конфигурации:

   1. Конфигурация 1

      cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

      End including

      2.1.1

      ---

      Конфигурация 2

      cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

      ---

      Конфигурация 3

      cpe:2.3:a:mcafee:policy_auditor:*:*:*:*:*:*:*:*

      End excliding

      6.5.1

      ---

      Конфигурация 4

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.6.0

      End excliding

      3.6.2

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.5.0

      End excliding

      3.5.4

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.4.0

      End excliding

      3.4.7

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      3.3.0

      End excliding

      3.3.7

      ---

      cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

      Start including

      2.7.0

      End excliding

      2.7.15

      ---