Lucene search

[email protected]CVE-2016-0729

HistoryApr 07, 2016 - 9:59 p.m.

CVE-2016-0729

2016-04-0721:59:01

CWE-119

[email protected]

web.nvd.nist.gov

apache

xerces-c

xml parser

buffer overflow

denial of service

code execution

cve-2016-0729

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.

Affected configurations

NVD

Node

samsungx14j_firmwareMatcht-ms14jakucb-1102.5

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

fedoraprojectfedoraMatch24

CPENameOperatorVersion
samsung:x14j_firmwaresamsung x14j firmwareeqt-ms14jakucb-1102.5

CPE	Name	Operator	Version
samsung:x14j_firmware	samsung x14j firmware	eq	t-ms14jakucb-1102.5

References

lists.fedoraproject.org/pipermail/package-announce/2016-April/182062.html

lists.fedoraproject.org/pipermail/package-announce/2016-April/182131.html

lists.fedoraproject.org/pipermail/package-announce/2016-April/182597.html

lists.opensuse.org/opensuse-updates/2016-04/msg00012.html

lists.opensuse.org/opensuse-updates/2016-04/msg00086.html

lists.opensuse.org/opensuse-updates/2016-07/msg00053.html

packetstormsecurity.com/files/135949/Apache-Xerces-C-XML-Parser-Buffer-Overflow.html

svn.apache.org/viewvc?view=revision&revision=1727978

www.debian.org/security/2016/dsa-3493

www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/archive/1/537620/100/0/threaded

www.securityfocus.com/bid/83423

www.securitytracker.com/id/1035113

xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt

issues.apache.org/jira/browse/XERCESC-2061

security.gentoo.org/glsa/201612-46

www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2016-0729

freebsd1 nessus19 debian3 mageia1 osv1 prion3 ibm23 fedora6 ubuntucve1 openvas15 centos1 cvelist1 debiancve1 nvd3 oraclelinux1 symantec1 redhat1 gentoo1 cve2 oracle3