PT-2016-3271 · Xmlsoft+5 · Libxml2+5

Andrej Nemec

Publicado

2016-03-12

Atualizado

2023-02-12

CVE-2016-4448

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.4

Description The issue is related to a format string vulnerability in the libxml2 library. This vulnerability may allow attackers to have an unspecified impact through format string specifiers in unknown vectors. The vulnerability is associated with the use of an uncontrolled format string in the LIBXML ATTR FORMAT function of the libxml2 library. Exploitation of the vulnerability could allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LIBXML ATTR FORMAT function until a patch is available.

Correção

Use of Externally-Controlled Format String

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-134

Identificadores relacionados

ALT-PU-2016-1221

BDU:2018-01273

CESA-2016_1292

CVE-2016-4448

MGASA-2016-0263

OPENSUSE-SU-2016_1595-1

RHSA-2016:1292

RHSA-2016_1292

SUSE-SU-2016:1538-1

SUSE-SU-2016:1604-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

USN-3235-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libxml2

PT-2016-3271 · Xmlsoft+5 · Libxml2+5

CVE-2016-4448

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 79