Gustavo Grieco discovered that Expat incorrectly handled malformed XML data. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. (CVE-2016-0718)

Affected Products and Versions

_Severity is medium unless otherwise noted.
_

All versions of Cloud Foundry cflinuxfs2 prior to v.1.64.0

Mitigation

Users of affected versions should apply the following mitigation:

The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.64.0 or later versions

Credit

Gustavo Grieco

References

<http://www.ubuntu.com/usn/usn-2983-1/>
<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-0718.html>

nessus 45

openvas 40

prion 3

freebsd 4

ibm 22

debian 3

osv 3

f5 1

ubuntu 4

redhatcve 1

veracode 2

redhat 2

amazon 1

debiancve 1

cvelist 2

nvd 3

cve 3

centos 1

oraclelinux 1

ubuntucve 1

mageia 1

alpinelinux 1

mozilla 1

suse 8

archlinux 3

thn 1

zdt 1

packetstorm 1

seebug 1

fedora 3

slackware 3

gentoo 1

apple 6

androidsecurity 1

oracle 1

nessus

FreeBSD : expat -- denial of service vulnerability on malformed input (57b3aba7-1e25-11e6-8dd3-002590263bf5)

2016-05-20 00:00:00

EulerOS 2.0 SP1 : expat (EulerOS-SA-2017-1002)

2017-05-01 00:00:00

F5 Networks BIG-IP : Expat vulnerability (K52320548)

2017-09-19 00:00:00

openvas

RedHat Update for expat RHSA-2016:2824-01

2016-11-29 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2017-1002)

2020-01-23 00:00:00

Mageia: Security Advisory (MGASA-2016-0193)

2022-01-28 00:00:00

prion

Buffer overflow

2016-05-26 16:59:00

Design/Logic Flaw

2016-05-18 15:59:00

Code injection

2017-03-02 23:59:00

freebsd

expat -- denial of service vulnerability on malformed input

2016-05-17 00:00:00

Python 2.7 -- multiple vulnerabilities

2017-08-26 00:00:00

python 2.7 -- multiple vulnerabilities

2018-05-01 00:00:00

ibm

Security Bulletin: A vulnerability in expat affects PowerKVM

2018-06-18 01:34:46

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718)

2018-06-16 21:50:27

Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718)

2018-06-16 21:48:37

debian

[SECURITY] [DLA 483-1] expat security update

2016-05-19 20:04:46

[SECURITY] [DSA 3582-1] expat security update

2016-05-18 05:18:57

[SECURITY] [DSA 3582-1] expat security update

2016-05-18 05:18:57

osv

CVE-2016-0718

2016-05-26 16:59:00

expat - security update

2016-05-19 00:00:00

libxmltok vulnerabilities

2022-07-19 17:11:00

K52320548 : Expat vulnerability CVE-2016-0718

2017-09-18 00:00:00

ubuntu

Expat vulnerability

2016-05-18 00:00:00

XML-RPC for C and C++ vulnerabilities

2016-06-20 00:00:00

xmltok library vulnerabilities

2022-07-19 00:00:00

redhatcve

CVE-2016-0718

2020-04-05 04:55:48

veracode

Denial Of Service (DoS) Or Arbitrary Code Execution

2019-01-15 09:14:45

Denial Of Service (DoS) Or Arbitrary Code Execution

2017-02-01 03:14:43

redhat

(RHSA-2016:2824) Moderate: expat security update

2016-11-28 17:50:20

(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

2018-08-16 16:05:21

amazon

Medium: expat

2016-12-15 00:38:00

debiancve

CVE-2016-0718

2016-05-26 16:59:00

cvelist

CVE-2016-0718

2016-05-26 16:00:00

CVE-2016-9892

2017-03-02 23:00:00

nvd

CVE-2016-0718

2016-05-26 16:59:00

CVE-2016-9892

2017-03-02 23:59:00

CVE-2016-0719

2016-05-18 15:59:00

cve

CVE-2016-0718

2016-05-26 16:59:00

CVE-2016-0719

2016-05-18 15:59:00

CVE-2016-9892

2017-03-02 23:59:00

centos

expat security update

2016-11-28 22:32:29

oraclelinux

expat security update

2016-11-28 00:00:00

ubuntucve

CVE-2016-0718

2016-05-17 00:00:00

mageia

Updated expat packages fix security vulnerability

2016-05-20 14:38:30

alpinelinux

CVE-2016-0718

2016-05-26 16:59:00

mozilla

Out-of-bounds read during XML parsing in Expat library — Mozilla

2016-08-02 00:00:00

suse

Security update for expat (important)

2016-06-07 13:08:02

Security update for expat (important)

2016-05-30 14:09:21

Security update for expat (important)

2016-06-07 17:08:51

archlinux

expat: arbitrary code execution

2016-05-18 00:00:00

lib32-expat: arbitrary code execution

2016-05-18 00:00:00

firefox: multiple issues

2016-08-05 00:00:00

thn

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking

2017-02-28 03:06:00

zdt

ESET Endpoint Antivirus 6 Remote Code Execution Exploit

2017-02-28 00:00:00

packetstorm

ESET Endpoint Antivirus 6 Remote Code Execution

2017-02-27 00:00:00

seebug

Remote Code Execution as Root via ESET Endpoint Antivirus 6（CVE-2016-9892）

2017-02-28 00:00:00

fedora

[SECURITY] Fedora 24 Update: expat-2.1.1-2.fc24

2016-06-21 19:27:49

[SECURITY] Fedora 23 Update: expat-2.1.1-2.fc23

2016-06-19 07:27:54

[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22

2016-07-12 02:27:38

slackware

[slackware-security] python

2017-09-23 06:33:04

[slackware-security] expat

2016-12-24 19:24:21

[slackware-security] python

2018-05-04 20:53:50

gentoo

Expat: Multiple vulnerabilities

2017-01-11 00:00:00

apple

About the security content of iTunes 12.6

2017-03-21 00:00:00

About the security content of iTunes 12.6 - Apple Support

2017-03-22 07:40:40

About the security content of iTunes 12.6 for Windows

2017-03-21 00:00:00

androidsecurity

Android Security Bulletin—November 2016

2016-11-07 00:00:00

oracle

CPU July 2018

2018-07-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CFOUNDRY:381607FCA8ED551B94852EC217ED57BD