QwikSec

Security Database

CVE

CWE

Training

CVE-2016-3705

Published: May 17, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser)

mailing-list

x_refsource_FULLDISC

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

x_refsource_CONFIRM

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

x_refsource_CONFIRM

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

x_refsource_CONFIRM

openSUSE-SU-2016:1446

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2016:1298

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_UBUNTU

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

x_refsource_CONFIRM

https://www.tenable.com/security/tns-2016-18

x_refsource_CONFIRM

https://bugzilla.gnome.org/show_bug.cgi?id=765207

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.