CVE-2016-4448

Published on: 06/09/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:57 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Certain versions of iCloud from Apple contain the following vulnerability:

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

  • CVE-2016-4448 has been assigned by [email protected] to track the vulnerability - currently rated as CRITICAL severity.

CVSS3 Score: 9.8 - CRITICAL

Metric | Value
Attack Vector | NETWORK
Attack Complexity | LOW
Privileges Required | NONE
User Interaction | NONE
Scope | UNCHANGED
Confidentiality Impact | HIGH
Integrity Impact | HIGH
Availability Impact | HIGH

CVSS2 Score: 10 - HIGH

Metric | Value
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE

CVE References

  • About the security content of iCloud for Windows 5.2.1 - Apple Support
    Tags: Release Notes; Host: support.apple.com; Type: text/html; Link: CONFIRM support.apple.com/HT206899
  • About the security content of OS X El Capitan v10.11.6 and Security Update 2016-004 - Apple Support
    Tags: Release Notes; Host: support.apple.com; Type: text/html; Link: CONFIRM support.apple.com/HT206903
  • More format string warnings with possible format string vulnerability (502f6a6d) · Commits · GNOME / libxml2 · GitLab
    Tags: Vendor Advisory; Host: git.gnome.org; Type: text/html; Link: CONFIRM git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b
  • Apple macOS/OS X Multiple Flaws Let Remote and Local Users Deny Service, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker
    Tags: Third Party Advisory, VDB Entry; Host: www.securitytracker.com; Type: text/html; Link: SECTRACK 1036348
  • Libxml2 CVE-2016-4448 Remote Format String Vulnerability
    Tags: Third Party Advisory, VDB Entry; Host: cve.report (archive); Type: text/html; Link: BID 90856
  • APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004
    Tags: Mailing List, Release Notes; Host: lists.apple.com; Type: text/html; Link: APPLE APPLE-SA-2016-07-18-1
  • APPLE-SA-2016-07-18-6 iTunes 12.4.2
    Tags: Mailing List, Release Notes; Host: lists.apple.com; Type: text/html; Link: APPLE APPLE-SA-2016-07-18-6
  • The Slackware Linux Project: Slackware Security Advisories
    Tags: Third Party Advisory; Host: www.slackware.com; Type: text/html; Link: SLACKWARE SSA:2016-148-01
  • Fix some format string warnings with possible format string vulnerability (4472c3a5) · Commits · GNOME / libxml2 · GitLab
    Tags: Vendor Advisory; Host: git.gnome.org; Type: text/html; Link: CONFIRM git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9
  • Oracle Linux Bulletin - July 2016
    Tags: Third Party Advisory; Host: web.archive.org; Type: text/html; Status: inactive link, not archived; Link: CONFIRM www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
  • About the security content of watchOS 2.2.2 - Apple Support
    Tags: Release Notes; Host: support.apple.com; Type: text/html; Link: CONFIRM support.apple.com/HT206904
  • [R7] LCE 4.8.1 Fixes Multiple Vulnerabilities - Security Advisory | Tenable™
    Tags: Third Party Advisory; Host: www.tenable.com; Type: text/html; Link: CONFIRM www.tenable.com/security/tns-2016-18
  • McAfee Security Bulletin: McAfee Web Gateway update fixes several vulnerabilities related to xml parsing
    Tags: Third Party Advisory; Host: kc.mcafee.com; Type: text/html; Link: CONFIRM kc.mcafee.com/corporate/index?page=content&id=SB10170
  • Red Hat Customer Portal
    Tags: Third Party Advisory; Host: access.redhat.com; Type: text/html; Link: REDHAT RHSA-2016:1292
  • Oracle VM Server for x86 Bulletin - July 2016
    Tags: Vendor Advisory; Host: web.archive.org; Type: text/html; Status: inactive link, not archived; Link: CONFIRM www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
  • Bug 1338700 – CVE-2016-4448 libxml2: Format string vulnerability
    Tags: Issue Tracking, Third Party Advisory; Host: bugzilla.redhat.com; Type: text/html; Link: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1338700
  • Releases
    Tags: Release Notes; Host: xmlsoft.org; Type: text/xml; Link: CONFIRM xmlsoft.org/news.html
  • About the security content of iOS 9.3.3 - Apple Support
    Tags: Release Notes; Host: support.apple.com; Type: text/html; Link: CONFIRM support.apple.com/HT206902
  • oss-security - 3 libxml2 issues
    Tags: Mailing List, Third Party Advisory; Host: www.openwall.com; Type: text/html; Link: MLIST [oss-security] 20160525 3 libxml2 issues
  • APPLE-SA-2016-07-18-3 watchOS 2.2.2
    Tags: Mailing List, Release Notes; Host: lists.apple.com; Type: text/html; Link: APPLE APPLE-SA-2016-07-18-3
  • About the security content of iTunes 12.4.2 for Windows - Apple Support
    Tags: Release Notes; Host: support.apple.com; Type: text/html; Link: CONFIRM support.apple.com/HT206901
  • Document Display | HPE Support Center
    Tags: Third Party Advisory; Host: h20566.www2.hpe.com; Type: text/html; Link: CONFIRM h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709
  • APPLE-SA-2016-07-18-4 tvOS 9.2.2
    Tags: Mailing List, Release Notes; Host: lists.apple.com; Type: text/html; Link: APPLE APPLE-SA-2016-07-18-4
  • APPLE-SA-2016-07-18-2 iOS 9.3.3
    Tags: Mailing List, Release Notes; Host: lists.apple.com; Type: text/html; Link: APPLE APPLE-SA-2016-07-18-2
  • About the security content of tvOS 9.2.2 - Apple Support
    Tags: Release Notes; Host: support.apple.com; Type: text/html; Link: CONFIRM support.apple.com/HT206905
  • Red Hat Customer Portal
    Tags: Third Party Advisory; Host: web.archive.org; Type: text/html; Status: inactive link, not archived; Link: REDHAT RHSA-2016:2957
  • Oracle Solaris Bulletin - July 2016
    Tags: Third Party Advisory; Host: www.oracle.com; Type: text/html; Link: CONFIRM www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Known Affected Configurations (CPE V2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Application | Apple | Icloud | All | All | All | All
Operating System | Apple | Iphone Os | All | All | All | All
Application | Apple | Itunes | All | All | All | All
Operating System | Apple | Mac Os X | All | All | All | All
Operating System | Apple | Tvos | All | All | All | All
Operating System | Apple | Watchos | All | All | All | All
Application | Hp | Icewall Federation Agent | 3.0 | All | All | All
Application | Mcafee | Web Gateway | All | All | All | All
Operating System | Microsoft | Windows | All | All | All | All
Operating System | Microsoft | Windows | - | All | All | All
Operating System | Oracle | Linux | 6 | All | All | All
Operating System | Oracle | Linux | 7 | 0 | All | All
Operating System | Oracle | Vm Server | 3.3 | All | All | All
Operating System | Oracle | Vm Server | 3.4 | All | All | All
Operating System | Redhat | Enterprise Linux | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Eus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.2 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All
Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All
Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All
Operating System | Slackware | Slackware Linux | 14.0 | All | All | All
Operating System | Slackware | Slackware Linux | 14.1 | All | All | All
Application | Tenable | Log Correlation Engine | 4.8.0 | All | All | All
Application | Xmlsoft | Libxml2 | All | All | All | All

  • cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:*
  • cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:*
  • cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:*
  • cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:tenable:log_correlation_engine:4.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*