CVE-2016-9597

Published: 30 July 2018

It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
libxml2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

Notes

AuthorNote
mdeslaur
Red Hat bug states this CVE is for a Red Hat specific regression
that duplicated other public CVEs
"missing/incorrect fix for CVE-2016-3705 in the Red Hat JBoss
Core Services."

References

Bugs