CVE-2016-0729

Published on: 04/07/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of Xerces-C++ from Apache contain the following vulnerability:

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.

  • CVE-2016-0729 has been assigned by [email protected] to track the vulnerability, currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

Attack Vector   Attack Complexity   Privileges Required   User Interaction
NETWORK         LOW                 NONE                  NONE

Scope       Confidentiality Impact   Integrity Impact   Availability Impact
UNCHANGED   HIGH                     HIGH               HIGH

CVSS2 Score: 7.5 - HIGH

Access Vector   Access Complexity   Authentication
NETWORK         LOW                 NONE

Confidentiality Impact   Integrity Impact   Availability Impact
PARTIAL                  PARTIAL            PARTIAL

CVE References

Description | Source | Tags | Link
[XERCESC-2061] Buffer overruns in prolog parsing and error handling - ASF JIRA | issues.apache.org (text/html) | Vendor Advisory | CONFIRM issues.apache.org/jira/browse/XERCESC-2061
Apache Xerces-C XML Parser Buffer Overflow ≈ Packet Storm | packetstormsecurity.com (text/html) | | MISC packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html
openSUSE-SU-2016:0966-1: moderate: Security update for xerces-c | lists.opensuse.org (text/html) | | SUSE openSUSE-SU-2016:0966
[SECURITY] Fedora 24 Update: xerces-c-3.1.3-1.fc24 | lists.fedoraproject.org (text/html) | Third Party Advisory | FEDORA FEDORA-2016-9ff972ca42
Xerces-C++: Multiple vulnerabilities (GLSA 201612-46) — Gentoo security | security.gentoo.org (text/html) | | GENTOO GLSA-201612-46
Apache Xerces-C Buffer Overflow Lets Remote Users Deny Service or Potentially Execute Arbitrary Code - SecurityTracker | www.securitytracker.com (text/html) | | SECTRACK 1035113
[SECURITY] Fedora 23 Update: xerces-c-3.1.3-1.fc23 | lists.fedoraproject.org (text/html) | Third Party Advisory | FEDORA FEDORA-2016-ae9ac16cf3
[Apache-SVN] Revision 1727978 | svn.apache.org (text/html) | | CONFIRM svn.apache.org/viewvc?view=revision&revision=1727978
| xerces.apache.org (text/plain) | Vendor Advisory | CONFIRM xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
[SECURITY] Fedora 22 Update: xerces-c-3.1.3-1.fc22 | lists.fedoraproject.org (text/html) | Third Party Advisory | FEDORA FEDORA-2016-880b91c090
openSUSE-SU-2016:1121-1: moderate: Security update for xerces-c | lists.opensuse.org (text/html) | | SUSE openSUSE-SU-2016:1121
Oracle Linux Bulletin - January 2016 | www.oracle.com (text/html) | | CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
SecurityFocus | www.securityfocus.com (text/html) | | BUGTRAQ 20160225 CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
CPU Oct 2018 | www.oracle.com (text/html) | | CONFIRM www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
Oracle Critical Patch Update - October 2019 | www.oracle.com (text/html) | | MISC www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
openSUSE-SU-2016:1808-1: moderate: Security update for xerces-c | lists.opensuse.org (text/html) | | SUSE openSUSE-SU-2016:1808
Debian -- Security Information -- DSA-3493-1 xerces-c | www.debian.org (text/html) | Third Party Advisory, Deprecated Link | DEBIAN DSA-3493
No Description Provided | cve.report (archive) (text/html) | | BID 83423

Known Affected Configurations (CPE V2.3)

Type               Vendor          Product      Version   Update   Edition   Language
Application        Apache          Xerces-C++   All       All      All       All
Operating System   Fedoraproject   Fedora       22        All      All       All
Operating System   Fedoraproject   Fedora       23        All      All       All
Operating System   Fedoraproject   Fedora       24        All      All       All

  • cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*