The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
21 Nov 2024, 02:47
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.apple.com/archives/security-announce/2016/May/msg00001.html - Mailing List, Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce/2016/May/msg00002.html - Mailing List, Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce/2016/May/msg00003.html - Mailing List, Vendor Advisory | |
References | () http://lists.apple.com/archives/security-announce/2016/May/msg00004.html - Mailing List, Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2016-2957.html - Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html - Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html - Third Party Advisory | |
References | () http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - Third Party Advisory | |
References | () http://www.securityfocus.com/bid/90691 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1035890 - Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id/1038623 - Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/USN-2994-1 - Third Party Advisory | |
References | () http://xmlsoft.org/news.html - Release Notes, Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2016:1292 - Third Party Advisory | |
References | () https://bugzilla.gnome.org/show_bug.cgi?id=758605 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 - Patch, Third Party Advisory | |
References | () https://kc.mcafee.com/corporate/index?page=content&id=SB10170 - Patch, Third Party Advisory | |
References | () https://security.gentoo.org/glsa/201701-37 - Third Party Advisory | |
References | () https://support.apple.com/HT206564 - Vendor Advisory | |
References | () https://support.apple.com/HT206566 - Vendor Advisory | |
References | () https://support.apple.com/HT206567 - Vendor Advisory | |
References | () https://support.apple.com/HT206568 - Vendor Advisory | |
References | () https://www.debian.org/security/2016/dsa-3593 - Third Party Advisory | |
References | () https://www.tenable.com/security/tns-2016-18 - Third Party Advisory |
Information
Published : 2016-05-20 10:59
Updated : 2024-11-21 02:47
NVD link : CVE-2016-1839
Mitre link : CVE-2016-1839
CVE.ORG link : CVE-2016-1839
JSON object : View
Products Affected
apple
- mac_os_x
- watchos
- iphone_os
- tvos
redhat
- enterprise_linux_server
- enterprise_linux_server_eus
- enterprise_linux_desktop
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_workstation
mcafee
- web_gateway
canonical
- ubuntu_linux
xmlsoft
- libxml2
debian
- debian_linux
CWE
CWE-125
Out-of-bounds Read