CVE-2016-1835

Published on: 05/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Certain versions of iPhone OS from Apple contain the following vulnerability:

Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of service via a crafted XML document.

  • CVE-2016-1835 has been assigned by [email protected] to track the vulnerability, currently rated as HIGH severity.

CVSS3 Score: 8.8 - HIGH

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS2 Score: 6.8 - MEDIUM

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

CVE References

Each entry gives the reference title, its tag in brackets, the source site, and the link.

  • About the security content of OS X El Capitan v10.11.5 and Security Update 2016-003 - Apple Support (Vendor Advisory) [CONFIRM] support.apple.com/HT206567
  • APPLE-SA-2016-05-16-2 iOS 9.3.2 (Vendor Advisory) [APPLE] lists.apple.com: APPLE-SA-2016-05-16-2
  • USN-2994-1: libxml2 vulnerabilities | Ubuntu [UBUNTU] www.ubuntu.com: USN-2994-1
  • Heap use-after-free in xmlSAX2AttributeNs (38eae571) · Commits · GNOME / libxml2 · GitLab [CONFIRM] git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb
  • Bug 759020 – Heap use-after-free in xmlSAX2AttributeNs [CONFIRM] bugzilla.gnome.org/show_bug.cgi?id=759020
  • APPLE-SA-2016-05-16-4 OS X El Capitan 10.11.5 and Security Update 2016-003 (Vendor Advisory) [APPLE] lists.apple.com: APPLE-SA-2016-05-16-4
  • Debian -- Security Information -- DSA-3593-1 libxml2 [DEBIAN] www.debian.org: DSA-3593 (link deprecated)
  • Oracle Linux Bulletin - July 2016 [CONFIRM] www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (link inactive, not archived)
  • Apple iOS Multiple Flaws Let Remote Users Execute Arbitrary Code and Deny Service and Let Remote and Local Users Obtain Potentially Sensitive Information - SecurityTracker [SECTRACK] www.securitytracker.com: 1035890
  • [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable [CONFIRM] www.tenable.com/security/tns-2016-18
  • McAfee Security Bulletin: McAfee Web Gateway update fixes several vulnerabilities related to xml parsing [CONFIRM] kc.mcafee.com/corporate/index?page=content&id=SB10170
  • Red Hat Customer Portal [REDHAT] access.redhat.com: RHSA-2016:1292
  • Oracle VM Server for x86 Bulletin - July 2016 [CONFIRM] www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html (link inactive, not archived)
  • Releases [CONFIRM] xmlsoft.org/news.html
  • About the security content of iOS 9.3.2 - Apple Support (Vendor Advisory) [CONFIRM] support.apple.com/HT206568
  • Red Hat Customer Portal [REDHAT] RHSA-2016:2957 (link inactive, not archived)
  • Apple Mac OS X APPLE-SA-2016-05-16-4 Multiple Security Vulnerabilities - cve.report (archive) [BID] 90696
  • Oracle Solaris Bulletin - July 2016 [CONFIRM] www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Known Affected Configurations (CPE V2.3)

Type              Vendor     Product       Version  Update  Edition  Language
Operating System  Apple      iPhone OS     All      All     All      All
Operating System  Apple      Mac OS X      All      All     All      All
Operating System  Canonical  Ubuntu Linux  12.04    All     All      All
Operating System  Canonical  Ubuntu Linux  14.04    All     All      All
Operating System  Canonical  Ubuntu Linux  15.10    All     All      All
Operating System  Canonical  Ubuntu Linux  16.04    All     All      All
Operating System  Debian     Debian Linux  8.0      All     All      All

  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*