Denial of Service Vulnerability in Expat XML Parser by Expat
CVE-2016-4472

8.1HIGH

Key Information:

Vendor
Libexpat Project
Status
Libexpat
Vendor
CVE Published:
30 June 2016

Summary

A flaw exists in the Expat XML Parser that allows remote attackers to exploit the parser's handling of XML data. When certain optimization settings are in use, the overflow protection is compromised, potentially causing a denial of service or enabling remote code execution through specially crafted XML input. This vulnerability arises from an incomplete fix associated with previous vulnerabilities, underscoring the importance of timely updates and patches to maintain system integrity.

References

https://www.tenable.com/security/tns-2016-20
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1344251
x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-3013-1
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.