Lucene search

[email protected]CVE-2016-4448

HistoryJun 09, 2016 - 4:59 p.m.

CVE-2016-4448

2016-06-0916:59:06

CWE-134

[email protected]

web.nvd.nist.gov

121

cve-2016-4448

nvd

format string vulnerability

libxml2

unspecified impact

security

vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

Affected configurations

NVD

Node

hpicewall_federation_agentMatch3.0

AND

redhatenterprise_linuxMatch6.0

redhatenterprise_linuxMatch7.0

Node

applewatchosRange≤2.2.1

Node

applemac_os_xRange<10.11.6

Node

xmlsoftlibxml2Range≤2.9.3

Node

appleicloudRange<5.2.1

AND

microsoftwindowsMatch-

Node

appleiphone_osRange≤9.3.2

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch7.2

redhatenterprise_linux_server_ausMatch7.3

redhatenterprise_linux_server_ausMatch7.4

redhatenterprise_linux_server_ausMatch7.6

redhatenterprise_linux_server_ausMatch7.7

redhatenterprise_linux_server_eusMatch7.2

redhatenterprise_linux_server_eusMatch7.3

redhatenterprise_linux_server_eusMatch7.4

redhatenterprise_linux_server_eusMatch7.5

redhatenterprise_linux_server_eusMatch7.6

redhatenterprise_linux_server_eusMatch7.7

redhatenterprise_linux_server_tusMatch7.2

redhatenterprise_linux_server_tusMatch7.3

redhatenterprise_linux_server_tusMatch7.6

redhatenterprise_linux_server_tusMatch7.7

redhatenterprise_linux_workstationMatch6.0

redhatenterprise_linux_workstationMatch7.0

Node

appleitunesRange≤12.4.1

AND

microsoftwindows

Node

slackwareslackware_linuxMatch14.0

slackwareslackware_linuxMatch14.1

Node

oraclevm_serverMatch3.3

oraclevm_serverMatch3.4

Node

appletvosRange≤9.2.1

Node

tenablelog_correlation_engineMatch4.8.0

Node

mcafeeweb_gatewayRange≤7.5.2.10

mcafeeweb_gatewayRange7.6.0.0–7.6.2.3

Node

oraclelinuxMatch6

oraclelinuxMatch70

CPENameOperatorVersion
hp:icewall_federation_agenthp icewall federation agenteq3.0

CPE	Name	Operator	Version
hp:icewall_federation_agent	hp icewall federation agent	eq	3.0

References

lists.apple.com/archives/security-announce/2016/Jul/msg00000.html

lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

lists.apple.com/archives/security-announce/2016/Jul/msg00002.html

lists.apple.com/archives/security-announce/2016/Jul/msg00003.html

lists.apple.com/archives/security-announce/2016/Jul/msg00005.html

rhn.redhat.com/errata/RHSA-2016-2957.html

www.openwall.com/lists/oss-security/2016/05/25/2

www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

www.securityfocus.com/bid/90856

www.securitytracker.com/id/1036348

www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722

xmlsoft.org/news.html

access.redhat.com/errata/RHSA-2016:1292

bugzilla.redhat.com/show_bug.cgi?id=1338700

git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9

git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709

kc.mcafee.com/corporate/index?page=content&id=SB10170

support.apple.com/HT206899

support.apple.com/HT206901

support.apple.com/HT206902

support.apple.com/HT206903

support.apple.com/HT206904

support.apple.com/HT206905

www.tenable.com/security/tns-2016-18

Social References

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.7%

JSON

Related for CVE-2016-4448

f52 ubuntucve1 veracode1 prion1 cvelist1 nvd1 redhatcve1 debiancve1 openvas19 cloudfoundry1 slackware1 ibm20 nessus23 ubuntu1 centos1 oraclelinux1 suse5 redhat2 amazon1 apple12 fedora2 mageia1 symantec1 tenable1