Lucene search
F5F5:K54225343HistoryJul 18, 2016 - 12:00 a.m.
K54225343 : libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-1800:00:00
my.f5.com
23
Security Advisory Description
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.
Impact
A remote attacker may be able to cause a denial-of-service (DoS) attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 |
Related
mageia
mageia
Updated libxml2 packages fix security vulnerability
2016-05-20 14:38:30
ibm
ibm
nessus
nessus
openSUSE Security Update : libxml2 (openSUSE-2016-662)
2016-06-01 00:00:00
F5 Networks BIG-IP : libxml2 vulnerabilities (K54225343)
2016-12-21 00:00:00
openSUSE Security Update : libxml2 (openSUSE-2016-583)
2016-05-16 00:00:00
f5
f5
SOL54225343 - libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-18 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2016-0187)
2022-01-28 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1205-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2016:1204-1)
2021-04-19 00:00:00
redhatcve
redhatcve
veracode
veracode
Denial Of Service (DoS)
2018-05-23 08:03:32
Denial Of Service (DoS)
2019-05-02 05:34:53
Vulnerable Through Use Of C Library
2017-04-12 01:37:48
prion
prion
Design/Logic Flaw
2016-05-17 14:08:00
Code injection
2016-05-17 14:08:00
Out-of-bounds
2017-04-11 16:59:00
cvelist
cvelist
cve
cve
packetstorm
packetstorm
libxml 2.9.2 Stack Overflow
2016-05-03 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
nvd
nvd
archlinux
archlinux
libxml2: multiple issues
2016-05-26 00:00:00
suse
suse
Security update for libxml2 (important)
2016-06-16 13:08:21
Security update for libxml2 (important)
2016-06-17 15:08:25
Security update for libxml2 (important)
2016-06-09 18:07:56
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
oraclelinux
oraclelinux
libxml2 security update
2016-06-23 00:00:00
altlinux
altlinux
amazon
amazon
Important: libxml2
2016-07-14 16:30:00
redhat
redhat
(RHSA-2016:1292) Important: libxml2 security update
2016-06-23 08:21:08
centos
centos
libxml2 security update
2016-06-23 15:28:21
debian
debian
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DSA 3593-1] libxml2 security update
2016-06-02 20:28:31
[SECURITY] [DLA 503-1] libxml2 security update
2016-06-03 19:22:01
ubuntu
ubuntu
libxml2 vulnerabilities
2016-06-06 00:00:00
cloudfoundry
cloudfoundry
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
osv
osv
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47