Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-3705

Опубликовано: 17 мая 2016
Источник: ubuntu
Приоритет: low
CVSS2: 5
CVSS3: 7.5

Описание

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

РелизСтатусПримечание
devel

not-affected

2.9.3+dfsg1-1.2
esm-infra-legacy/trusty

released

2.9.1+dfsg1-3ubuntu4.8
esm-infra/xenial

released

2.9.3+dfsg1-1ubuntu0.1
precise

released

2.7.8.dfsg-5.1ubuntu4.15
precise/esm

not-affected

2.7.8.dfsg-5.1ubuntu4.15
trusty

released

2.9.1+dfsg1-3ubuntu4.8
trusty/esm

released

2.9.1+dfsg1-3ubuntu4.8
upstream

released

2.9.4
vivid/stable-phone-overlay

ignored

end of life
vivid/ubuntu-core

DNE

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-3705

redhat
почти 10 лет назад

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

nvd логотип

CVE-2016-3705

CVSS3: 7.5
nvd
больше 9 лет назад

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

debian логотип

CVE-2016-3705

CVSS3: 7.5
debian
больше 9 лет назад

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...

github логотип

GHSA-r6qj-ff26-p4v7

CVSS3: 7.5
github
больше 3 лет назад

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

fstec логотип

BDU:2018-01270

CVSS3: 7.5
fstec
больше 9 лет назад

Уязвимость функций xmlParserEntityCheck и xmlParseAttValueComplex библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании

5 Medium

CVSS2

7.5 High

CVSS3