CVE-2016-4571

Published on: 02/03/2017 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:26:59 PM UTC

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via a crafted XML file.

  • CVE-2016-4571 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 5.5 - MEDIUM

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

CVSS2 Score: 7.1 - HIGH

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

CVE References

  • Bug 1334648 – CVE-2016-4570 CVE-2016-4571 mxml: Stack exhaustion
    Tags: Issue Tracking, Third Party Advisory
    Link: CONFIRM bugzilla.redhat.com/show_bug.cgi?id=1334648 (bugzilla.redhat.com)
  • oss-security - Re: CVE requested: two stack exhaustation parsing xml files using mxml
    Tags: Mailing List, Third Party Advisory
    Link: MLIST [oss-security] 20160509 Re: CVE requested: two stack exhaustation parsing xml files using mxml (www.openwall.com)
  • Mini-XML Stack Exhaustion Multiple Denial of Service Vulnerabilities
    Tags: Third Party Advisory, VDB Entry
    Link: BID 90315 (cve.report, archive)
  • oss-security - Re: CVE requested: two stack exhaustation parsing xml files using mxml
    Tags: Mailing List, Third Party Advisory
    Link: MLIST [oss-security] 20160511 Re: CVE requested: two stack exhaustation parsing xml files using mxml (www.openwall.com)
  • [SECURITY] [DLA 1641-1] mxml security update
    Tags: Third Party Advisory
    Link: MLIST [debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update (lists.debian.org)

Known Affected Configurations (CPE V2.3)

Type              Vendor  Product       Version  Update  Edition  Language
Operating System  Debian  Debian Linux  8.0      All     All      All
Application       Msweet  Mini-xml      2.7      All     All      All
Application       Msweet  Mini-xml      2.9      All     All      All
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:msweet:mini-xml:2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:msweet:mini-xml:2.9:*:*:*:*:*:*:*