CVE-2016-3705

Published: 17 May 2016

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

Priority

CVSS 3 base score: 7.5

Status

Package	Release	Status
libxml2 Launchpad, Ubuntu, Debian	Upstream	Released (2.9.4)





	Ubuntu 16.04 ESM (Xenial Xerus)	Released (2.9.3+dfsg1-1ubuntu0.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Released (2.9.1+dfsg1-3ubuntu4.8)
	Patches: Upstream: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3705
http://seclists.org/fulldisclosure/2016/May/10
https://ubuntu.com/security/notices/USN-2994-1
NVD
Launchpad
Debian

Bugs

https://bugzilla.gnome.org/show_bug.cgi?id=765207
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823414

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›