[email protected]NVD:CVE-2016-0718

HistoryMay 26, 2016 - 4:59 p.m.

CVE-2016-0718

2016-05-2616:59:00

CWE-119

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Affected configurations

NVD

Node

mozillafirefoxRange<48.0

Node

applemac_os_xRange10.11.0–10.11.5

Node

suselinux_enterprise_debuginfoMatch11sp4

susestudio_onsiteMatch1.3

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_software_development_kitMatch11sp4

Node

opensuseleapMatch42.1

Node

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_serverMatch12-

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch12-

suselinux_enterprise_software_development_kitMatch12sp1

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

Node

libexpat_projectlibexpatRange<2.2.0

Node

debiandebian_linuxMatch8.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

mcafeepolicy_auditorRange<6.5.1

Node

pythonpythonRange2.7.0–2.7.15

pythonpythonRange3.3.0–3.3.7

pythonpythonRange3.4.0–3.4.7

pythonpythonRange3.5.0–3.5.4

pythonpythonRange3.6.0–3.6.2

References

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html

lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html

lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html

packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html

rhn.redhat.com/errata/RHSA-2016-2824.html

seclists.org/fulldisclosure/2017/Feb/68

support.eset.com/ca6333/

www.debian.org/security/2016/dsa-3582

www.mozilla.org/security/announce/2016/mfsa2016-68.html

www.openwall.com/lists/oss-security/2016/05/17/12

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.securityfocus.com/bid/90729

www.securitytracker.com/id/1036348

www.securitytracker.com/id/1036415

www.securitytracker.com/id/1037705

www.ubuntu.com/usn/USN-2983-1

www.ubuntu.com/usn/USN-3044-1

access.redhat.com/errata/RHSA-2018:2486

bugzilla.mozilla.org/show_bug.cgi?id=1236923

bugzilla.redhat.com/show_bug.cgi?id=1296102

kc.mcafee.com/corporate/index?page=content&id=SB10365

security.gentoo.org/glsa/201701-21

source.android.com/security/bulletin/2016-11-01.html

support.apple.com/HT206903

www.tenable.com/security/tns-2016-20

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

CVE-2016-0718

Affected configurations

References

Related