CVE-2016-9596
Published 2018-08-16
CVE-2016-9596: libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption)…
Priority: P4 · 24 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.91% (55.4th percentile)
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | — | — |
| xmlsoft | libxml2 | < 2.9.4 | 2.9.4 |
CVSS provenance
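| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| vendor_debian | — | 7.5 | LOW | — |
| vendor_redhat | — | 7.5 | HIGH | — |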
Red Hat
libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)
vendor_redhat·2016-03-21·CVSS 7.5
CVE-2016-9596 [HIGH] CWE-674 libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
Package: libxml2 (Red Hat Enterprise Linux 5) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 6) - Not affected
Package: libxml2 (Red Hat Enterprise Linux 7) - Not affected
Package: httpd (Red Hat JBoss Core Services) - Affected
Debian
CVE-2016-9596: libxml2 - libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allow...
vendor_debian·2016·CVSS 7.5
CVE-2016-9596 [HIGH] CVE-2016-9596: libxml2 - libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allow...
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-ch7x-55jf-9fgx: libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack cons
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2016-9596 [HIGH] CWE-400 GHSA-ch7x-55jf-9fgx: libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack cons
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)
bugzilla·2016-12-22·CVSS 7.5
CVE-2016-9597 [HIGH] CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)
It was found that Red Hat JBoss Core Services incorrectly included CVE-2016-3705 as resolved in Apache HTTP 2.4.23 (erratum RHSA-2016:2957). The release did not include the fix to libxml2, leaving it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for CVE-2016-3705.
Discussion:
Are there any details available for this? Upstream bug, commit reference?
---
(In reply to Salvatore Bonaccorso from comment #2)
> Are there any details available for this? Upstream bug, commit reference?
Referring to https://bugzilla.redhat.com/show_bug.cgi?id=1408302#c4
---
Hi Adam
Thanks for the information here and in the related bugs. I guess there is though s
Bugzilla
CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)
bugzilla·2016-12-22·CVSS 7.5
CVE-2016-9598 [HIGH] CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)
libxml2: out-of-bounds read
Discussion:
Are there any details available for this? Upstream bug, commit reference?
---
(In reply to Salvatore Bonaccorso from comment #2)
> Are there any details available for this? Upstream bug, commit reference?
Referring to https://bugzilla.redhat.com/show_bug.cgi?id=1408302#c4
---
CVE-2016-9598 was assigned for incomplete fix of CVE-2016-4483, however that was closed as duplicate of CVE-2016-3627. That actually makes this CVE a duplicate of CVE-2016-9596 since that one was assigned for incomplete fix of CVE-2016-3627.
Hence I suggest to close this one as duplicate of CVE-2016-9596. Would that work for you?
---
This CVE id is for the same issue as CVE-2016-4483 (bug 1332820)
Bugzilla
CVE-2016-9596 libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)
bugzilla·2016-12-22·CVSS 7.5
CVE-2016-9596 [HIGH] CVE-2016-9596 libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)
It was found that Red Hat JBoss Core Services incorrectly fixed CVE-2016-3627 in Apache HTTP 2.4.23 (erratum RHSA-2016:2957), leaving libxml2 vulnerable to a Denial of Service attack via stack consumption.
Discussion:
Are there any details available for this? Upstream bug, commit reference?
---
(In reply to Salvatore Bonaccorso from comment #2)
> Are there any details available for this? Upstream bug, commit reference?
This and the other two should be for Red Hat specific security regressions, effectively duplicates of other public CVEs. I'm going to ask Bharti to fix these bugs up properly.
---
dup of CVE-2016-3627 I would say
---
This CVE id is for the same issue as
Published: 2018-08-16