Libxml2 'xmlsave.c' Denial of Service Vulnerability
Bugtraq ID: | 90013 |
Class: | Unknown |
CVE: | CVE-2016-4483 |
Remote: | Yes |
Local: | No |
Published: | May 03 2016 12:00AM |
Updated: | Jan 23 2017 06:08AM |
Credit: | Gustavo Grieco |
Vulnerable: |
XMLSoft Libxml2 2.9 XMLSoft Libxml2 2.7.8 XMLSoft Libxml2 2.7.7 XMLSoft Libxml2 2.7.6 XMLSoft Libxml2 2.7.5 XMLSoft Libxml2 2.7.4 XMLSoft Libxml2 2.7.3 XMLSoft Libxml2 2.7.2 XMLSoft Libxml2 2.7.1 XMLSoft Libxml2 2.7 XMLSoft Libxml2 2.6.32 XMLSoft Libxml2 2.6.31 XMLSoft Libxml2 2.6.30 XMLSoft Libxml2 2.6.26 XMLSoft Libxml2 2.6.24 XMLSoft Libxml2 2.6.23 XMLSoft Libxml2 2.6.22 XMLSoft Libxml2 2.6.21 XMLSoft Libxml2 2.6.20 XMLSoft Libxml2 2.6.18 XMLSoft Libxml2 2.6.17 XMLSoft Libxml2 2.6.16 XMLSoft Libxml2 2.6.15 XMLSoft Libxml2 2.6.14 XMLSoft Libxml2 2.6.13 XMLSoft Libxml2 2.6.12 XMLSoft Libxml2 2.6.11 XMLSoft Libxml2 2.6.9 XMLSoft Libxml2 2.6.8 XMLSoft Libxml2 2.6.7 XMLSoft Libxml2 2.6.6 XMLSoft Libxml2 2.6.5 XMLSoft Libxml2 2.6.4 XMLSoft Libxml2 2.6.3 XMLSoft Libxml2 2.6.2 XMLSoft Libxml2 2.6.1 XMLSoft Libxml2 2.6 .0 XMLSoft Libxml2 2.5.11 XMLSoft Libxml2 2.5.10 XMLSoft Libxml2 2.5.8 XMLSoft Libxml2 2.5.4 XMLSoft Libxml2 2.5.1 XMLSoft Libxml2 2.4.30 XMLSoft Libxml2 2.4.29 XMLSoft Libxml2 2.4.28 XMLSoft Libxml2 2.4.27 XMLSoft Libxml2 2.4.26 XMLSoft Libxml2 2.4.24 XMLSoft Libxml2 2.4.23 XMLSoft Libxml2 2.4.22 XMLSoft Libxml2 2.4.21 XMLSoft Libxml2 2.4.20 XMLSoft Libxml2 2.4.19 XMLSoft Libxml2 2.4.18 XMLSoft Libxml2 2.4.17 XMLSoft Libxml2 2.4.16 XMLSoft Libxml2 2.4.15 XMLSoft Libxml2 2.4.14 XMLSoft Libxml2 2.4.13 XMLSoft Libxml2 2.4.12 XMLSoft Libxml2 2.4.11 XMLSoft Libxml2 2.4.10 XMLSoft Libxml2 2.4.9 XMLSoft Libxml2 2.4.8 XMLSoft Libxml2 2.4.7 XMLSoft Libxml2 2.4.6 XMLSoft Libxml2 2.4.5 XMLSoft Libxml2 2.4.4 XMLSoft Libxml2 2.4.3 XMLSoft Libxml2 2.4.2 XMLSoft Libxml2 2.3.14 XMLSoft Libxml2 2.3.13 XMLSoft Libxml2 2.3.12 XMLSoft Libxml2 2.3.10 XMLSoft Libxml2 2.3.8 XMLSoft Libxml2 2.3.7 XMLSoft Libxml2 2.3.6 XMLSoft Libxml2 2.3.5 XMLSoft Libxml2 2.3.4 XMLSoft Libxml2 2.2.11 XMLSoft Libxml2 2.2.10 XMLSoft Libxml2 2.2.7 XMLSoft Libxml2 2.2.6 XMLSoft Libxml2 2.2.5 XMLSoft Libxml2 2.2.4 XMLSoft Libxml2 2.2.3 XMLSoft Libxml2 2.9.3 XMLSoft Libxml2 2.9.2 XMLSoft Libxml2 2.9.1 
XMLSoft Libxml2 2.6.29 XMLSoft Libxml2 2.6.28 XMLSoft Libxml2 2.6.27 XMLSoft Libxml2 2.6.25 XMLSoft Libxml2 2.6.0 XMLSoft Libxml2 2.5.7 XMLSoft Libxml2 2.5.0 XMLSoft Libxml2 2.4.25 XMLSoft Libxml2 2.4.1 XMLSoft Libxml2 2.3.3 XMLSoft Libxml2 2.3.2 XMLSoft Libxml2 2.3.11 XMLSoft Libxml2 2.3.1 XMLSoft Libxml2 2.3.0 XMLSoft Libxml2 2.2.9 XMLSoft Libxml2 2.2.8 XMLSoft Libxml2 2.2.2 XMLSoft Libxml2 2.2.1 XMLSoft Libxml2 2.2.0 XMLSoft Libxml2 2.1.1 XMLSoft Libxml2 2.1.0 XMLSoft Libxml2 2.0.0 XMLSoft Libxml2 1.7.3 Oracle Solaris 11.3 IBM System Networking RackSwitch G8332 7.7.23.0 IBM System Networking RackSwitch G8316 7.9.17.0 IBM System Networking RackSwitch G8264T 7.9.17.0 IBM System Networking RackSwitch G8264CS 7.8.14.0 IBM System Networking RackSwitch G8264 7.9.17.0 IBM System Networking RackSwitch G8264 7.11.7.0 IBM System Networking RackSwitch G8124-E 7.9.17.0 IBM System Networking RackSwitch G8124-E 7.11.7.0 IBM System Networking RackSwitch G8124 7.9.17.0 IBM System Networking RackSwitch G8124 7.11.7.0 IBM System Networking RackSwitch G8052 7.9.17.0 IBM System Networking RackSwitch G8052 7.11.7.0 IBM Security Guardium Database Activity Monitor 10.1 IBM Security Guardium Database Activity Monitor 10.0.1 IBM Security Guardium Database Activity Monitor 10.0 IBM Cognos Business Intelligence Server 10.2.2 IBM Cognos Business Intelligence Server 10.2.1 1 IBM Cognos Business Intelligence Server 10.2.1 IBM Cognos Business Intelligence Server 10.1.1 IBM Cognos Business Intelligence Server 10.2 IBM BigFix Security Compliance Analytics 1.8 eSignal eSignal 6.0.2 Bluecoat Security Analytics Platform 7.1 Bluecoat Security Analytics Platform 7.0 Bluecoat Security Analytics Platform 6.6 Bluecoat Proxysg 6.6 Bluecoat Proxysg 6.5 Bluecoat Norman Network Protection 5.3 Bluecoat Industrial Control Systems Network Scanner 5.3 Bluecoat Industrial Control System Protection 5.3 Bluecoat Director 6.1 Bluecoat AuthConnector 2.5 Bluecoat Advanced Secure Gateway 6.6 Apple watchOS 2.2.1 Apple 
watchOS 2.0.1 Apple watchOS 1.0.1 Apple watchOS 2.2 Apple watchOS 2.1 Apple watchOS 2.0 Apple watchOS 1.0 Apple Watch 0 Apple tvOS 9.2.1 Apple tvOS 9.1.1 Apple tvOS 9.2 Apple tvOS 9.1 Apple tvOS 9.0 Apple TV 0 Apple Safari 9.1.1 Apple Safari 9.0.3 Apple Safari 9.0.2 Apple Safari 9.0.1 Apple Safari 8.0.8 Apple Safari 8.0.6 Apple Safari 8.0.5 Apple Safari 8.0.4 Apple Safari 8.0.1 Apple Safari 7.1.8 Apple Safari 7.1.6 Apple Safari 7.1.5 Apple Safari 7.1.4 Apple Safari 7.1.1 Apple Safari 7.1 Apple Safari 7.0.6 Apple Safari 7.0.3 Apple Safari 7.0.1 Apple Safari 6.2.8 Apple Safari 6.2.6 Apple Safari 6.2.5 Apple Safari 6.2.4 Apple Safari 6.2.1 Apple Safari 6.1.6 Apple Safari 6.1.3 Apple Safari 6.1.1 Apple Safari 6.0.5 Apple Safari 6.0.4 Apple Safari 6.0.3 Apple Safari 6.0.2 Apple Safari 6.0.1 Apple Safari 5.1.10 Apple Safari 5.1.6 Apple Safari 5.1.5 Apple Safari 5.0.6 Apple Safari 4.0.5 Apple Safari 4.0.4 Apple Safari 4.0.3 Apple Safari 4.0.2 Apple Safari 4.0.1 Apple Safari 3.2.3 Apple Safari 3.1.2 Apple Safari 3.1.1 Apple Safari 2.0.4 Apple Safari 2.0.3 Apple Safari 2.0.2 Apple Safari 2.0.1 Apple Safari 1.3.2 Apple Safari 1.3.1 Apple Safari 1.3 Apple Safari 1.2.3 Apple Safari 1.2.2 Apple Safari 1.2.1 Apple Safari 1.2 Apple Safari 1.1 Apple Safari 1.0 Apple Safari 9.1 Apple Safari 9 Apple Safari 8.0.7 Apple Safari 8.0.3 Apple Safari 8.0.2 Apple Safari 8.0 Apple Safari 7.1.7 Apple Safari 7.1.3 Apple Safari 7.1.2 Apple Safari 7.0.5 Apple Safari 7.0.4 Apple Safari 7.0.2 Apple Safari 6.2.7 Apple Safari 6.2.3 Apple Safari 6.2.2 Apple Safari 6.2 Apple Safari 6.1.5 Apple Safari 6.1.4 Apple Safari 6.1.2 Apple Safari 6.1 Apple Safari 6.0 Apple Safari 5.34 Apple Safari 5.33 Apple Safari 5.31 Apple Safari 5.1.7 Apple Safari 5.1.4 Apple Safari 5.1.3 Apple Safari 5.1.2 Apple Safari 5.1.1 Apple Safari 5.1 Apple Safari 5.0.5 Apple Safari 5.0.4 Apple Safari 5.0.3 Apple Safari 5.0.2 Apple Safari 5.0.1 Apple Safari 5.0 Apple Safari 4.31 Apple Safari 4.30 Apple Safari 4.28 Apple Safari 
4.1.3 Apple Safari 4.1.2 Apple Safari 4.1.1 Apple Safari 4.1 Apple Safari 4.0 Apple Safari 4 Apple Safari 3.52 Apple Safari 3.2 Apple Safari 3.1 Apple Safari 3 Apple Mac Os X 10.11.3 Apple Mac Os X 10.11.2 Apple Mac Os X 10.11.1 Apple Mac Os X 10.11.5 Apple Mac Os X 10.11.4 Apple Mac Os X 10.11 Apple iTunes 12.3.2 Apple iTunes 12.3.1 Apple iTunes 11.2.1 Apple iTunes 11.1.5 Apple iTunes 11.1.4 Apple iTunes 11.1.3 Apple iTunes 11.1.2 Apple iTunes 11.1.1 Apple iTunes 11.0.5 Apple iTunes 11.0.4 Apple iTunes 11.0.2 Apple iTunes 10.6.3 Apple iTunes 10.6.1 Apple iTunes 10.5.1 Apple iTunes 10.1.2 Apple iTunes 9.2.1 Apple iTunes 9.0.2 Apple iTunes 9.0.1 .8 Apple iTunes 9.0.1 Apple iTunes 9.0 Apple iTunes 7.3.2 Apple iTunes 7.3.1 Apple iTunes 7.3 Apple iTunes 7.0.2 Apple iTunes 6.0.5 Apple iTunes 6.0.4 Apple iTunes 6.0.3 Apple iTunes 6.0.1 Apple iTunes 6.0 Apple iTunes 5.0 Apple iTunes 4.8 Apple iTunes 4.7.1 Apple iTunes 4.7 Apple iTunes 4.6 Apple iTunes 4.5 Apple iTunes 4.2 .72 Apple iTunes 9.2 Apple iTunes 9.1.1 Apple iTunes 9.1 Apple iTunes 9.0.3 Apple iTunes 8.2 Apple iTunes 8.1 Apple iTunes 8.0.2.20 Apple iTunes 8.0 Apple iTunes 12.4 Apple iTunes 12.3 Apple iTunes 12.2 Apple iTunes 12.0.1 Apple iTunes 11.2 Apple iTunes 11.1 Apple iTunes 11.0.3 Apple iTunes 11.0.1 Apple iTunes 11.0.0.163 Apple iTunes 11.0 Apple iTunes 10.7 Apple iTunes 10.6.1.7 Apple iTunes 10.6 Apple iTunes 10.5.3 Apple iTunes 10.5.2 Apple iTunes 10.5.1.42 Apple iTunes 10.5 Apple iTunes 10.4.1.10 Apple iTunes 10.4.1 Apple iTunes 10.4.0.80 Apple iTunes 10.4 Apple iTunes 10.3.1 Apple iTunes 10.3 Apple iTunes 10.2.2.12 Apple iTunes 10.2.2 Apple iTunes 10.2 Apple iTunes 10.1.1.4 Apple iTunes 10.1.1 Apple iTunes 10.1 Apple iTunes 10.0.1 Apple iTunes 10 Apple iPod Touch 0 Apple iPhone 0 Apple iPad 0 Apple iOS 5 0 Apple iOS 4 0 Apple iOS 9.3.2 Apple iOS 9.3.1 Apple iOS 9.2.1 Apple iOS 9.0.2 Apple iOS 9.0.1 Apple iOS 8.4.1 Apple iOS 7.2 Apple iOS 7.0.6 Apple iOS 7.0.5 Apple iOS 7.0.3 Apple iOS 7.0.2 Apple iOS 
7.0.1 Apple iOS 6.3.1 Apple iOS 6.1.6 Apple iOS 6.1.4 Apple iOS 6.1.3 Apple iOS 4.2.1 Apple iOS 4.0.2 Apple iOS 4.0.1 Apple iOS 3.2.2 Apple iOS 3.2.1 Apple iOS 9.3 Apple iOS 9.2 Apple iOS 9.1 Apple iOS 9 Apple iOS 8.4 Apple iOS 8.3 Apple iOS 8.2 Apple iOS 8.1.3 Apple iOS 8.1.2 Apple iOS 8.1.1 Apple iOS 8.1 Apple iOS 8 Apple iOS 7.1.2 Apple iOS 7.1.1 Apple iOS 7.1 Apple iOS 7.0.4 Apple iOS 7 Apple iOS 6.1 Apple iOS 6.0.2 Apple iOS 6.0.1 Apple iOS 6 Apple iOS 5.1.1 Apple iOS 5.1 Apple iOS 5.0.1 Apple iOS 5 Apple iOS 4.3.5 Apple iOS 4.3.4 Apple iOS 4.3.3 Apple iOS 4.3.2 Apple iOS 4.3.1 Apple iOS 4.3 Apple iOS 4.2.9 Apple iOS 4.2.8 Apple iOS 4.2.7 Apple iOS 4.2.6 Apple iOS 4.2.5 Apple iOS 4.2.10 Apple iOS 4.2 Apple iOS 4.1 Apple iOS 4 Apple iOS 3.2 Apple iOS 3.1 Apple iOS 3.0 Apple iOS 2.1 Apple iOS 2.0 |
Not Vulnerable: |
Oracle Solaris 11.3 SRU11.6 Apple watchOS 2.2.2 Apple tvOS 9.2.2 Apple Safari 9.1.2 Apple Mac Os X 10.11.6 Apple Mac Os X Security Update 2016 Apple iTunes 12.4.2 Apple iOS 9.3.3 |
Discussion
Libxml2 is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Due to the nature of this issue, code execution may be possible, but this has not been confirmed.
Exploit / POC
Currently, we are not aware of any exploits. If you feel we are in error or if you are aware of any more recent information, please mail us at: http://.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode (Gustavo Grieco)
- libxml2 Homepage (xmlsoft)
- migr-5099466: Vulnerabilities in libxml2 affect IBM RackSwitch Networking produc (IBM)
- Oracle Solaris Third Party Bulletin - July 2016 (Oracle)
- SA129: Multiple libxml2 Vulnerabilities (Bluecoat)
- swg21990364: IBM Security Guardium Database Activity Monitor is affected by Open (IBM)
- swg21991911: Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (C (IBM)
- swg21995691: IBM Cognos Business Intelligence Server 2016Q4 Security Updater : I (IBM)