CVE-2016-3627

Published: May 17, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

Affected (28)

Products: Opensuse: Leap · Debian: Debian Linux · Hp: Icewall Federation Agent, Icewall File Manager · +4 more

Show all products

1 product

1 product

2 products

Icewall Federation Agent

Icewall File Manager

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

Jboss Core Services

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 42.1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Hp Icewall Federation Agent	Version 3.0
Hp Icewall File Manager	Version 3.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Xmlsoft Libxml2	Up to 2.9.3

Configuration E

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Configuration F

16 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Desktop	Version 7.0
Redhat Enterprise Linux Eus	Version 7.2
Redhat Enterprise Linux Eus	Version 7.3
Redhat Enterprise Linux Eus	Version 7.4
Redhat Enterprise Linux Eus	Version 7.5
Redhat Enterprise Linux Eus	Version 7.6
Redhat Enterprise Linux Eus	Version 7.7
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Enterprise Linux Server Aus	Version 7.2
Redhat Enterprise Linux Server Aus	Version 7.4
Redhat Enterprise Linux Server Aus	Version 7.6
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Enterprise Linux Workstation	Version 7.0
Redhat Jboss Core Services	All versions

Configuration G

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Solaris	Version 11.3
Oracle Vm Server	Version 3.3
Oracle Vm Server	Version 3.4

Related CWEs

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (36)

http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

Source: cve@mitre.org

Mailing List

http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

Source: cve@mitre.org

Mailing List

http://rhn.redhat.com/errata/RHSA-2016-2957.html

Source: cve@mitre.org

Third Party Advisory

http://seclists.org/fulldisclosure/2016/May/10

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/03/21/2

Source: cve@mitre.org

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2016/03/21/3

Source: cve@mitre.org

Mailing List

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.securityfocus.com/bid/84992

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035335

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2994-1

Source: cve@mitre.org

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1292

Source: cve@mitre.org

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

Source: cve@mitre.org

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

Source: cve@mitre.org

Broken Link

https://security.gentoo.org/glsa/201701-37

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2016/dsa-3593

Source: cve@mitre.org

Mailing List

https://www.tenable.com/security/tns-2016-18

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://rhn.redhat.com/errata/RHSA-2016-2957.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2016/May/10

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://www.openwall.com/lists/oss-security/2016/03/21/2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatch

http://www.openwall.com/lists/oss-security/2016/03/21/3

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.securityfocus.com/bid/84992

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1035335

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-2994-1

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2016:1292

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://security.gentoo.org/glsa/201701-37

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2016/dsa-3593

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing List

https://www.tenable.com/security/tns-2016-18

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.