CVE-2016-9597

CWE-674 — Uncontrolled Recursion CWE-119 — Buffer Overflow6 documents6 sources

Severity

7.5HIGH

EPSS

1.3%

top 20.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Libxml2 Canonical Ubuntu Linux Debian Debian Linux +4 more

Timeline

PublishedJul 30

Latest updateMay 13

Description

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5red_hat/libxml2all

▶NVDxmlsoft/libxml22.9.3

▶NVDopensuse/leap42.1

▶NVDhp/icewall_file_manager3.0

▶NVDhp/icewall_federation_agent3.0

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04

🔴Vulnerability Details

GHSA

GHSA-94gc-v83r-7m7w: It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2↗2022-05-13

▶

CVEList

CVE-2016-9597: It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2↗2018-07-30

▶

📋Vendor Advisories

Red Hat

libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)↗2016-05-03

▶

Debian

CVE-2016-9597: libxml2 - It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-201...↗2016

▶

💬Community

Bugzilla

CVE-2016-9597 libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)↗2016-12-22

▶