CVE-2016-4448

CVSS V2 High 10 CVSS V3 Critical 9.8
Description
Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.
Overview
  • CVE ID
  • CVE-2016-4448
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2016-06-09T16:59:06
  • Last Modified Date
  • 2023-02-12T23:21:18
Weakness Enumerations
CWE URL
CWE-134 http://cwe.mitre.org/data/definitions/134.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* 1 OR 2.2.1
AND
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* 1 OR 10.11.6
AND
cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:* 1 OR 2.9.3
AND
cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:* 1 OR 5.2.1
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* 1 OR 9.3.2
AND
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:* 1 OR 12.4.1
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:slackware:slackware_linux:14.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:slackware:slackware_linux:14.1:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:oracle:vm_server:3.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:oracle:vm_server:3.4:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* 1 OR 9.2.1
AND
cpe:2.3:a:tenable:log_correlation_engine:4.8.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* 1 OR 7.5.2.10
cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:* 1 OR 7.6.0.0 7.6.2.3
AND
cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:oracle:linux:7:0:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 10
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html Mailing List Release Notes
http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html Mailing List Release Notes
http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html Mailing List Release Notes
http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html Mailing List Release Notes
http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html Mailing List Release Notes
http://rhn.redhat.com/errata/RHSA-2016-2957.html Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/05/25/2 Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html Vendor Advisory
http://www.securityfocus.com/bid/90856 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1036348 Third Party Advisory VDB Entry
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.404722 Third Party Advisory
http://xmlsoft.org/news.html Release Notes
https://access.redhat.com/errata/RHSA-2016:1292 Third Party Advisory
https://access.redhat.com/errata/RHSA-2016:2957
https://access.redhat.com/security/cve/CVE-2016-4448
https://bugzilla.redhat.com/show_bug.cgi?id=1338700 Issue Tracking Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9 Vendor Advisory
https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b Vendor Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05194709 Third Party Advisory
https://kc.mcafee.com/corporate/index?page=content&id=SB10170 Third Party Advisory
https://support.apple.com/HT206899 Release Notes
https://support.apple.com/HT206901 Release Notes
https://support.apple.com/HT206902 Release Notes
https://support.apple.com/HT206903 Release Notes
https://support.apple.com/HT206904 Release Notes
https://support.apple.com/HT206905 Release Notes
https://www.tenable.com/security/tns-2016-18 Third Party Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2016-4448
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4448
History
Created Old Value New Value Data Type Notes
2022-05-10 16:55:54 Added to TrackCVE
2022-12-02 09:50:41 2016-06-09T16:59Z 2016-06-09T16:59:06 CVE Published Date updated
2022-12-02 09:50:41 2019-12-27T16:08:47 CVE Modified Date updated
2022-12-02 09:50:41 Analyzed Vulnerability Status updated
2023-02-02 22:06:14 2023-02-02T21:16:57 CVE Modified Date updated
2023-02-02 22:06:14 Analyzed Modified Vulnerability Status updated
2023-02-02 22:06:15 Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. CVE-2016-4448 libxml2: Format string vulnerability Description updated
2023-02-02 22:06:23 References updated
2023-02-13 00:05:49 2023-02-12T23:21:18 CVE Modified Date updated
2023-02-13 00:05:49 CVE-2016-4448 libxml2: Format string vulnerability Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors. Description updated