Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2016-1836

Опубликовано: 20 мая 2016
Источник: debian
EPSS Низкий

Описание

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libxml2fixed2.9.3+dfsg1-1.1package
libxml2not-affectedwheezypackage

Примечания

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4)

  • Introduced by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2)

  • https://bugzilla.gnome.org/show_bug.cgi?id=759398

  • Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch

EPSS

Процентиль: 78%
0.01153
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2016-1836

CVSS3: 5.5
ubuntu
больше 9 лет назад

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

redhat логотип

CVE-2016-1836

redhat
больше 9 лет назад

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

nvd логотип

CVE-2016-1836

CVSS3: 5.5
nvd
больше 9 лет назад

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

github логотип

GHSA-82c9-fqj6-w7gm

CVSS3: 5.5
github
больше 3 лет назад

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

fstec логотип

BDU:2016-01380

CVSS3: 7.3
fstec
больше 9 лет назад

Уязвимость операционных систем iOS и Mac OS X, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 78%
0.01153
Низкий