Vulnerability CVE-2016-4483: Information

Description

The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2016-4483

Published: April 11, 2017

Modified: Nov. 7, 2023

Error type identifier: CWE-502

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
libxml2	sisyphus	2.9.4.0.12.e905-alt1	2.12.6-alt1	ALT-PU-2017-1240-1	179126	Fixed
libxml2	p10	2.9.4.0.12.e905-alt1	2.9.12-alt1.p10.1	ALT-PU-2017-1240-1	179126	Fixed
libxml2	p9	2.9.4.0.12.e905-alt1	2.9.10-alt6.p9.1	ALT-PU-2017-1240-1	179126	Fixed
libxml2	p8	2.9.4.0.12.e905-alt1	2.9.4.0.12.e905-alt1	ALT-PU-2017-1252-1	179256	Fixed
libxml2	c10f1	2.9.4.0.12.e905-alt1	2.9.12-alt1.p10.1	ALT-PU-2017-1240-1	179126	Fixed
libxml2	c9f2	2.9.4.0.12.e905-alt1	2.9.12-alt1.c9f2.1	ALT-PU-2017-1240-1	179126	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd	Patch Third Party Advisory
[oss-security] 20160607 Re: Please reject duplicate CVE for libxml2	Mailing List Patch Third Party Advisory
[oss-security] 20160607 Please reject duplicate CVE for libxml2	Mailing List Patch Third Party Advisory
[oss-security] 20160504 Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode	Mailing List Third Party Advisory
[oss-security] 20160503 CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode	Exploit Mailing List Third Party Advisory
DSA-3593	Third Party Advisory
90013	Third Party Advisory VDB Entry
https://www.tenable.com/security/tns-2016-18	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html	Third Party Advisory
GLSA-201701-37	Third Party Advisory
1036348	Third Party Advisory VDB Entry
RHSA-2016:2957	Third Party Advisory
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8

Affected configurations:
1. Configuration 1
  cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*
  End excliding
  2.9.4
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2016-4483: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3