Lucene search

[email protected]NVD:CVE-2016-0718

HistoryMay 26, 2016 - 4:59 p.m.

CVE-2016-0718

2016-05-2616:59:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.008

Percentile

81.9%

JSON

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Affected configurations

Nvd

Node

mozillafirefoxRange<48.0

Node

applemac_os_xRange10.11.0–10.11.5

Node

suselinux_enterprise_debuginfoMatch11sp4

susestudio_onsiteMatch1.3

suselinux_enterprise_serverMatch11sp4

suselinux_enterprise_software_development_kitMatch11sp4

Node

opensuseleapMatch42.1

Node

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_desktopMatch12sp1

suselinux_enterprise_serverMatch12-

suselinux_enterprise_serverMatch12sp1

suselinux_enterprise_software_development_kitMatch12-

suselinux_enterprise_software_development_kitMatch12sp1

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch14.04lts

canonicalubuntu_linuxMatch16.04lts

Node

libexpat_projectlibexpatRange<2.2.0

Node

debiandebian_linuxMatch8.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

mcafeepolicy_auditorRange<6.5.1

Node

pythonpythonRange2.7.0–2.7.15

pythonpythonRange3.3.0–3.3.7

pythonpythonRange3.4.0–3.4.7

pythonpythonRange3.5.0–3.5.4

pythonpythonRange3.6.0–3.6.2

VendorProductVersionCPE
mozillafirefox*cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
applemac_os_x*cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
suselinux_enterprise_debuginfo11cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
susestudio_onsite1.3cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
suselinux_enterprise_software_development_kit11cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*
opensuseleap42.1cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
suselinux_enterprise_desktop12cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
suselinux_enterprise_desktop12cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
suselinux_enterprise_server12cpe:2.3:o:suse:linux_enterprise_server:12:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox	*	cpe:2.3:a:mozilla:firefox::::::::
apple	mac_os_x	*	cpe:2.3:o:apple:mac_os_x::::::::
suse	linux_enterprise_debuginfo	11	cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4::::::
suse	studio_onsite	1.3	cpe:2.3:a:suse:studio_onsite:1.3:::::::*
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp4::::::
suse	linux_enterprise_software_development_kit	11	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
opensuse	leap	42.1	cpe:2.3:o:opensuse:leap:42.1:::::::*
suse	linux_enterprise_desktop	12	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
suse	linux_enterprise_desktop	12	cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1::::::
suse	linux_enterprise_server	12	cpe:2.3:o:suse:linux_enterprise_server:12:-::::::