CVE - CVE-2016-3627

CVE-ID
CVE-2016-3627	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
FULLDISC:20160503 CVE-2016-3627 CVE-2016-3705: libxml2: stack overflow in xml validator (parser) URL:http://seclists.org/fulldisclosure/2016/May/10 MLIST:[oss-security] 20160321 CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode URL:http://www.openwall.com/lists/oss-security/2016/03/21/2 MLIST:[oss-security] 20160321 Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode URL:http://www.openwall.com/lists/oss-security/2016/03/21/3 CONFIRM:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239 CONFIRM:http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10170 CONFIRM:https://www.tenable.com/security/tns-2016-18 DEBIAN:DSA-3593 URL:https://www.debian.org/security/2016/dsa-3593 GENTOO:GLSA-201701-37 URL:https://security.gentoo.org/glsa/201701-37 REDHAT:RHSA-2016:1292 URL:https://access.redhat.com/errata/RHSA-2016:1292 REDHAT:RHSA-2016:2957 URL:http://rhn.redhat.com/errata/RHSA-2016-2957.html SUSE:openSUSE-SU-2016:1298 URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html SUSE:openSUSE-SU-2016:1446 URL:http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html UBUNTU:USN-2994-1 URL:http://www.ubuntu.com/usn/USN-2994-1 BID:84992 URL:http://www.securityfocus.com/bid/84992 SECTRACK:1035335 URL:http://www.securitytracker.com/id/1035335
Assigning CNA
N/A
Date Entry Created
20160321	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20160321)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org