CVE-2016-3627 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 46%

Vendor	Product	Version
opensuse	leap	42.1
debian	debian_linux	8.0
hp	icewall_federation_agent	3.0
hp	icewall_file_manager	3.0
xmlsoft	libxml2	𝑥 ≤ 2.9.3
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	15.10
canonical	ubuntu_linux	16.04
redhat	jboss_core_services	-
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_desktop	7.0
redhat	enterprise_linux_eus	7.2
redhat	enterprise_linux_eus	7.3
redhat	enterprise_linux_eus	7.4
redhat	enterprise_linux_eus	7.5
redhat	enterprise_linux_eus	7.6
redhat	enterprise_linux_eus	7.7
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server	7.0
redhat	enterprise_linux_server_aus	7.2
redhat	enterprise_linux_server_aus	7.4
redhat	enterprise_linux_server_aus	7.6
redhat	enterprise_linux_workstation	6.0
redhat	enterprise_linux_workstation	7.0
oracle	vm_server	3.3
oracle	vm_server	3.4
oracle	solaris	11.3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libxml2

bullseye	2.9.10+dfsg-6.7+deb11u4 fixed
bullseye (security)	2.9.10+dfsg-6.7+deb11u5 fixed
bookworm	2.9.14+dfsg-1.3~deb12u1 fixed
sid	2.12.7+dfsg+really2.9.14-0.1 fixed
trixie	2.12.7+dfsg+really2.9.14-0.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

libxml2

zesty	not-affected
yakkety	not-affected
xenial	Fixed 2.9.3+dfsg1-1ubuntu0.1 released
wily	Fixed 2.9.2+zdfsg1-4ubuntu0.4 released
trusty	Fixed 2.9.1+dfsg1-3ubuntu4.8 released
precise	Fixed 2.7.8.dfsg-5.1ubuntu4.15 released

Common Weakness Enumeration

CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

References

http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://seclists.org/fulldisclosure/2016/May/10

http://www.openwall.com/lists/oss-security/2016/03/21/2

http://www.openwall.com/lists/oss-security/2016/03/21/3

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/84992

http://www.securitytracker.com/id/1035335

http://www.ubuntu.com/usn/USN-2994-1

https://access.redhat.com/errata/RHSA-2016:1292

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

https://security.gentoo.org/glsa/201701-37

https://www.debian.org/security/2016/dsa-3593

https://www.tenable.com/security/tns-2016-18

http://lists.opensuse.org/opensuse-updates/2016-05/msg00055.html

http://lists.opensuse.org/opensuse-updates/2016-05/msg00127.html

http://rhn.redhat.com/errata/RHSA-2016-2957.html

http://seclists.org/fulldisclosure/2016/May/10

http://www.openwall.com/lists/oss-security/2016/03/21/2

http://www.openwall.com/lists/oss-security/2016/03/21/3

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://www.securityfocus.com/bid/84992

http://www.securitytracker.com/id/1035335

http://www.ubuntu.com/usn/USN-2994-1

https://access.redhat.com/errata/RHSA-2016:1292

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157239

https://kc.mcafee.com/corporate/index?page=content&id=SB10170

https://security.gentoo.org/glsa/201701-37

https://www.debian.org/security/2016/dsa-3593

https://www.tenable.com/security/tns-2016-18