CVE-2016-4658

Published: 25/09/2016 Updated: 13/03/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

xpointer.c in libxml2 prior to 2.9.5 (as used in Apple iOS prior to 10, OS X prior to 10.12, tvOS prior to 10, and watchOS prior to 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote malicious users to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

Vulnerable Product

apple iphone os

apple mac os x

apple tvos

apple watchos

xmlsoft libxml2

Vendor Advisories

Synopsis: Important: Red Hat OpenShift GitOps security update. Type/Severity: Security Advisory: Important. Topic: An update for openshift-gitops-applicationset-container, openshift-gitops-container, openshift-gitops-kam-delivery-container, and openshift-gitops-operator-container is now available for Red Hat OpenShift GitOps 12 (GitOps v122) Re ...
Several security issues were fixed in libxml2 ...
Debian Bug report logs - #840553 libxml2: CVE-2016-4658 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 12 Oct 2016 18:18:02 UTC Severity: grave Tags: fixed-upstream, patch, secur ...
Debian Bug report logs - #840554 libxml2: CVE-2016-5131 Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 12 Oct 2016 18:21:01 UTC Severity: grave Tags: fixed-upstream, patch, secur ...
xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document ( ...
A use-after-free vulnerability via namespace nodes in XPointer ranges was found in libxml2 ...

Github Repositories

Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit.

Nagios check_bundle_audit: Nagios plugin to monitor ruby applications for security vulnerabilities via bundler-audit. Installation: Install the bundler-audit gem. Download the check_bundle_audit script and make it executable. Define a new command in the Nagios config, e.g. define command { command_name check_bundle_audit command_line $USER1$/check_bundle_audit -p /