PT-2016-5016 · Apache+3 · Apache Xerces-C+3

Gustavo Grieco

Published

2016-05-13

Updated

2024-06-15

CVE-2016-2099

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apache Xerces C++ versions 3.1.3 and earlier

Description A use-after-free issue exists in the validators/DTD/DTDScanner.cpp component, allowing context-dependent attackers to have an unspecified impact by including an invalid character in an XML document.

Recommendations For Apache Xerces C++ versions 3.1.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2016-1794

CVE-2016-2099

DLA-467-1

DSA-3579-1

MGASA-2016-0189

OPENSUSE-SU-2024:10039-1

SUSE-SU-2016:2154-1

SUSE-SU-2016_2154-1

USN-4784-1

Affected Products

Alt Linux

Apache Xerces-C

Suse

Ubuntu

PT-2016-5016 · Apache+3 · Apache Xerces-C+3

CVE-2016-2099

Related Identifiers

Affected Products

References · 34