CVE-2016-1835
published 2016-05-20CVE-2016-1835: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows…
PriorityP343high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
5.13%
91.3th percentile
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.3.1 | — |
| apple | mac_os_x | <= 10.11.4 | — |
| apple | os_x_el_capitan_v10.11.5_and_security_update_2016-003 | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.3+dfsg1-1.1 (bookworm) | libxml2 2.9.3+dfsg1-1.1 (bookworm) |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1.1 | 2.9.3+dfsg1-1.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1.1 | 2.9.3+dfsg1-1.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1.1 | 2.9.3+dfsg1-1.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1.1 | 2.9.3+dfsg1-1.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.8 | 2.9.1+dfsg1-3ubuntu4.8 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1ubuntu0.1 | 2.9.3+dfsg1-1ubuntu0.1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv8.8HIGH
vendor_debian8.8HIGH
vendor_redhat8.8HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
libxml2 vulnerabilities
vendor_ubuntu·2016-06-06·CVSS 7.5
CVE-2015-8806 [HIGH] libxml2 vulnerabilities
Title: libxml2 vulnerabilities
Summary: Several security issues were fixed in libxml2.
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malfo
Red Hat
libxml2: Heap use-after-free in xmlSAX2AttributeNs
vendor_redhat·2016-05-23·CVSS 8.8
CVE-2016-1835 [HIGH] CWE-416 libxml2: Heap use-after-free in xmlSAX2AttributeNs
libxml2: Heap use-after-free in xmlSAX2AttributeNs
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
Package: libxml2 (Red Hat Enterprise Linux 5) - Will not fix
Package: libxml2 (Red Hat JBoss Enterprise Web Server 3) - Affected
Debian
CVE-2016-1835: libxml2 - Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 befor...
vendor_debian·2016·CVSS 8.8
CVE-2016-1835 [HIGH] CVE-2016-1835: libxml2 - Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 befor...
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
Scope: local
bookworm: resolved (fixed in 2.9.3+dfsg1-1.1)
bullseye: resolved (fixed in 2.9.3+dfsg1-1.1)
forky: resolved (fixed in 2.9.3+dfsg1-1.1)
sid: resolved (fixed in 2.9.3+dfsg1-1.1)
trixie: resolved (fixed in 2.9.3+dfsg1-1.1)
Apple
CVE-2016-1835: OS X El Capitan v10.11.5 and Security Update 2016-003
vendor_apple·CVSS 8.8
CVE-2016-1835 [HIGH] CVE-2016-1835: OS X El Capitan v10.11.5 and Security Update 2016-003
Apple Security Update: About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003
Product: OS X El Capitan v10.11.5 and Security Update 2016-003
CVE: CVE-2016-1835
Component: CVE-ID
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
Apple
CVE-2016-1835: iOS 9.3.2
vendor_apple·CVSS 8.8
CVE-2016-1835 [HIGH] CVE-2016-1835: iOS 9.3.2
Apple Security Update: About the security content of iOS 9.3.2
Product: iOS
Version: 9.3.2
CVE: CVE-2016-1835
Component: CVE-ID
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue was addressed through improved memory handling.
GHSA
GHSA-7hp3-f9p7-w8f9: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2
ghsa_unreviewed·2022-05-14
CVE-2016-1835 [HIGH] CWE-119 GHSA-7hp3-f9p7-w8f9: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
OSV
libxml2 vulnerabilities
osv·2016-06-06·CVSS 7.5
CVE-2015-8806 [HIGH] libxml2 vulnerabilities
libxml2 vulnerabilities
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could possibly cause libxml2 to
crash, resulting in a denial of service. (CVE-2015-8806, CVE-2016-2073,
CVE-2016-3627, CVE-2016-3705, CVE-2016-4447)
It was discovered that libxml2 incorrectly handled certain malformed
documents. If a user or automated system were tricked into opening a
specially crafted document, an attacker could cause libxml2 to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2016-1762, CVE-2016-1834)
Mateusz Jurczyk discovered that libxml2 incorrectly handled certain
malformed documents. If a user or automated system were tricked into
OSV
CVE-2016-1835: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2
osv·2016-05-20·CVSS 8.8
CVE-2016-1835 [HIGH] CVE-2016-1835: Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2
Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.
No detection rules found.
No public exploits indexed.
HackerOne
Multiple issues in Libxml2 (2.9.2 - 2.9.5)
hackerone·2019-10-14·CVSS 4.3
[MEDIUM] Multiple issues in Libxml2 (2.9.2 - 2.9.5)
Multiple issues in Libxml2 (2.9.2 - 2.9.5)
Libxml2 is the XML C parser and toolkit developed for the Gnome project. Due to its flexible C implementation and continuous development, Libxml2 is known to be very portable, the library builds and works on a variety of systems (Linux, Unix, Windows, CygWin, MacOS, MacOS X, RISC Os, OS/2, VMS, QNX, MVS, VxWorks, ...). It is or has been adopted by many major vendors or products including Google (Chrome), VMWare, Apple (Safari, Mac OSX, iOS, ...), and many embedded systems. As in the [Google Patch Rewards](https://www.google.com.sg/about/appsecurity/patch-rewards) , Libxml2 is listed in the category of core infrastructure data parsers.
From 2015-2016, our fuzzing work on Libxml2 has systematically identified a sequence of bugs including use-after
Bugzilla
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a
bugzilla·2016-06-24·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-a
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 libxml2: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE
Bugzilla
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe
bugzilla·2016-06-24·CVSS 8.1
CVE-2016-1762 [HIGH] CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fe
CVE-2016-1762 CVE-2016-1833 CVE-2016-1834 CVE-2016-1835 CVE-2016-1836 CVE-2016-1837 CVE-2016-1838 CVE-2016-1839 CVE-2016-1840 CVE-2016-4447 CVE-2016-4448 CVE-2016-4449 mingw-libxml2: various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention t
Bugzilla
CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
bugzilla·2016-05-23·CVSS 8.8
CVE-2016-1835 [HIGH] CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
CVE-2016-1835 libxml2: Heap use-after-free in xmlSAX2AttributeNs
A vulnerability was found in the libxml2 library. A maliciously crafted file could cause the application to crash due to a Heap use-after-free in xmlSAX2AttributeNs.
References:
https://bugzilla.gnome.org/show_bug.cgi?id=759020
Upstream fix:
https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Via RHSA-2016:1292 https://access.redhat.com/errata/RHSA-2016:1292
---
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1349794]
---
Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1349795]
---
This issue has been
Tenable
[R2] Nessus 6.10 Fixes Multiple Third-party Library Vulnerabilities
blogs_tenable·2017-02-01
[R2] Nessus 6.10 Fixes Multiple Third-party Library Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Tenable
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
blogs_tenable·2017-01-31
[R3] LCE 5.0.0 Fixes Multiple Third-party Library Vulnerabilities
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
http://lists.apple.com/archives/security-announce/2016/May/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2957.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/90696http://www.securitytracker.com/id/1035890http://www.ubuntu.com/usn/USN-2994-1http://xmlsoft.org/news.htmlhttps://access.redhat.com/errata/RHSA-2016:1292https://bugzilla.gnome.org/show_bug.cgi?id=759020https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fbhttps://kc.mcafee.com/corporate/index?page=content&id=SB10170https://support.apple.com/HT206567https://support.apple.com/HT206568https://www.debian.org/security/2016/dsa-3593https://www.tenable.com/security/tns-2016-18http://lists.apple.com/archives/security-announce/2016/May/msg00002.htmlhttp://lists.apple.com/archives/security-announce/2016/May/msg00004.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2957.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlhttp://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlhttp://www.securityfocus.com/bid/90696http://www.securitytracker.com/id/1035890http://www.ubuntu.com/usn/USN-2994-1http://xmlsoft.org/news.htmlhttps://access.redhat.com/errata/RHSA-2016:1292https://bugzilla.gnome.org/show_bug.cgi?id=759020https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fbhttps://kc.mcafee.com/corporate/index?page=content&id=SB10170https://support.apple.com/HT206567https://support.apple.com/HT206568https://www.debian.org/security/2016/dsa-3593https://www.tenable.com/security/tns-2016-18
2016-05-20
Published