Buffer Underread Vulnerability in libxml2 Affecting Multiple Platforms
CVE-2016-4447

7.5HIGH

Key Information:

Vendor
HP
Status
Icewall Federation Agent
Vendor
CVE Published:
9 June 2016

Summary

The xmlParseElementDecl function in libxml2 versions before 2.9.4 is vulnerable to a buffer underread issue, which can lead to a denial of service. An attacker can exploit this vulnerability by supplying a crafted XML file that causes the application to crash. This edge case occurs during the parsing process, specifically within the xmlParseName function, allowing context-dependent attackers to disrupt service and impact system reliability.

References

http://www.oracle.com/technetwork/topics/security/ovmbull...
x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM
http://www.slackware.com/security/viewer.php?l=slackware-...
vendor-advisoryx_refsource_SLACKWARE

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.