CVE-2016-3627

CWE-674 — Uncontrolled Recursion CWE-20 — Improper Input Validation CWE-122 — Heap-based Buffer Overflow17 documents8 sources

Severity

7.5HIGH

EPSS

0.2%

top 62.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Canonical Ubuntu Linux Debian Debian Linux +10 more

Timeline

PublishedMay 17

Latest updateMay 14

Description

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

▶Debianlibxml2< 2.9.3+dfsg1-1.1+3

▶Ubuntulibxml2< 2.9.1+dfsg1-3ubuntu4.8+1

▶NVDxmlsoft/libxml22.9.3

▶NVDopensuse/leap42.1

▶NVDoracle/solaris11.3

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 7.2, 7.3, 7.4, 7.5, 7.6, 7.7

Patches

Patch: seclists.org ↗Patch: www.openwall.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

GHSA

GHSA-2xwf-cg9m-5547: The xmlStringGetNodeList function in tree↗2022-05-14

▶

OSV

libxml2 vulnerabilities↗2016-06-06

▶

OSV

CVE-2016-3627: The xmlStringGetNodeList function in tree↗2016-05-17

▶

CVEList

CVE-2016-3627: The xmlStringGetNodeList function in tree↗2016-05-17

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2016-06-06

▶

Red Hat

libxml2: out-of-bounds read↗2016-05-03

▶

Red Hat

libxml2: stack exhaustion while parsing xml files in recovery mode↗2016-03-21

▶

Red Hat

libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)↗2016-03-21

▶

Debian

CVE-2016-3627: libxml2 - The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when u...↗2016

▶

💬Community

Bugzilla

CVE-2016-9596 libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)↗2016-12-22

▶

Bugzilla

CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)↗2016-12-22

▶

Bugzilla

CVE-2016-4483 libxml2: out-of-bounds read↗2016-05-04

▶

Bugzilla

CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode↗2016-03-21

▶

Bugzilla

CVE-2016-3627 mingw-libxml2: libxml2: stack exhaustion while parsing xml files in recovery mode [epel-7]↗2016-03-21

▶