CVE-2016-5131

Опубликовано: 20 июл. 2016

Источник: redhat

CVSS3: 8.8

CVSS2: 6.8

Описание

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

Отчет

This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	libxml2	Will not fix
Red Hat Enterprise Linux 6	libxml2	Will not fix
Red Hat Enterprise Linux 8	libxml2	Not affected
Red Hat Enterprise Linux 8	mingw-libxml2	Affected
Red Hat JBoss Core Services	libxml2	Affected
Red Hat JBoss Enterprise Web Server 3	libxml2	Will not fix
Red Hat Ansible Tower 3.5 for RHEL 7	ansible-tower-35/ansible-tower	Fixed	RHBA-2020:1539	22.04.2020
Red Hat Ansible Tower 3.6 for RHEL 7	ansible-tower-36/ansible-tower	Fixed	RHBA-2020:1540	22.04.2020
Red Hat Enterprise Linux 6 Supplementary	chromium-browser	Fixed	RHSA-2016:1485	26.07.2016
Red Hat Enterprise Linux 7	libxml2	Fixed	RHSA-2020:1190	31.03.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1358641libxml2: Use after free triggered by XPointer paths beginning with range-to

8.8 High

CVSS3

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2016-5131

CVSS3: 8.8

ubuntu

больше 9 лет назад

CVE-2016-5131

CVSS3: 8.8

nvd

больше 9 лет назад

CVE-2016-5131

CVSS3: 8.8

debian

больше 9 лет назад

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Goog ...

GHSA-m2p3-mc6m-w9j7

CVSS3: 8.8

github

больше 3 лет назад

openSUSE-SU-2018:0418-1

suse-cvrf

почти 8 лет назад

Security update for libxml2

8.8 High

CVSS3

6.8 Medium

CVSS2