Lucene search

PRIOn knowledge basePRION:CVE-2016-1836

HistoryMay 20, 2016 - 10:59 a.m.

Design/Logic Flaw

2016-05-2010:59:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

84.5%

JSON

Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.

CPENameOperatorVersion
iphone_oslt9.3.2
mac_os_xlt10.11.5
tvoslt9.2.1
watchoslt2.2.1
ubuntu_linuxeq12.04
ubuntu_linuxeq16.04
ubuntu_linuxeq15.10
ubuntu_linuxeq14.04
debian_linuxeq8.0
web_gatewayge7.5.0.0

Name	Operator	Version
iphone_os	lt	9.3.2
mac_os_x	lt	10.11.5
tvos	lt	9.2.1
watchos	lt	2.2.1
ubuntu_linux	eq	12.04
ubuntu_linux	eq	16.04
ubuntu_linux	eq	15.10
ubuntu_linux	eq	14.04
debian_linux	eq	8.0
web_gateway	ge	7.5.0.0

Rows per page:

1-10 of 321

References

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

lists.apple.com/archives/security-announce/2016/May/msg00001.html

lists.apple.com/archives/security-announce/2016/May/msg00002.html

lists.apple.com/archives/security-announce/2016/May/msg00003.html

lists.apple.com/archives/security-announce/2016/May/msg00004.html

rhn.redhat.com/errata/RHSA-2016-2957.html

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/90691

www.securitytracker.com/id/1035890

www.ubuntu.com/usn/USN-2994-1

xmlsoft.org/news.html

access.redhat.com/errata/RHSA-2016:1292

bugzilla.gnome.org/show_bug.cgi?id=759398

git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0

kc.mcafee.com/corporate/index?page=content&id=SB10170

security.gentoo.org/glsa/201701-37

support.apple.com/HT206564

support.apple.com/HT206566

support.apple.com/HT206567

support.apple.com/HT206568

support.apple.com/HT206899

support.apple.com/HT206901

support.apple.com/HT206902

support.apple.com/HT206903

support.apple.com/HT206904

support.apple.com/HT206905

www.debian.org/security/2016/dsa-3593

www.tenable.com/security/tns-2016-18

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

84.5%

JSON

Related for PRION:CVE-2016-1836