CVE-2016-9596

Published: Aug 16, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

Affected (2)

Products: Redhat: Jboss Core Services · Xmlsoft: Libxml2

1 product

Jboss Core Services

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Core Services	All versions
Xmlsoft Libxml2	Before 2.9.4

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1408302

Source: secalert@redhat.com

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=1408302

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

Timeline

No history available yet.