Описание
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libxml2 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 3 | libxml2 | Affected | ||
| Red Hat Enterprise Linux 6 | libxml2 | Fixed | RHSA-2016:1292 | 23.06.2016 |
| Red Hat Enterprise Linux 7 | libxml2 | Fixed | RHSA-2016:1292 | 23.06.2016 |
| Text-Only JBCS | Fixed | RHSA-2016:2957 | 15.12.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Heap-based buffer overflow in the xmlStrncat function in libxml2 befor ...
Heap-based buffer overflow in the xmlStrncat function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
Уязвимость операционных систем iOS и Mac OS X, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2