CVE-2016-0718
Description
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.827
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update for Mozilla Firefox (48.0) | Windows |
| Update for Mozilla Firefox x64 (48.0) | Windows |
| Update for Mozilla Firefox (48.0.1) | Windows |
| Update for Mozilla Firefox x64 (48.0.1) | Windows |
| Update for Mozilla Firefox (48.0.2) | Windows |
| Update for Mozilla Firefox x64 (48.0.2) | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.43 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.11 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.13 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.7 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.10 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.37 | Windows |
| Vulnerabilities CVE-2016-4472,CVE-2016-0718,CVE-2012-1148,CVE-2012-0876 are fixed in IBM HTTP 9.0.0.2 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43 | Windows |
| Vulnerabilities CVE-2012-1148,CVE-2012-0876,CVE-2016-4472,CVE-2016-0718 are fixed in IBM WebSphere 9.0.0.2 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.11 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.13 | Windows |
| Vulnerabilities CVE-2016-0718,CVE-2016-1000028,CVE-2016-1000029 are fixed in Nessus 6.8 | Windows |
| Vulnerabilities CVE-2016-0718,CVE-2016-1000028,CVE-2016-1000029 are fixed in Tenable Nessus 6.8 | Windows |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (48.0) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (48.0.1) | Mac |
| Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (48.0.2) | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Update | Mac |
| Multiple vulnerabilities are fixed in OS X El Capitan 10.11.6 Combo Update | Mac |
| XML parsing C library (USN-2983-1) libexpat1_2.1.0-4ubuntu1.2_i386.deb | Linux |
| XML parsing C library (USN-2983-1) libexpat1_2.1.0-4ubuntu1.2_amd64.deb | Linux |
| XML parsing C library (USN-2983-1) libexpat1_2.0.1-7.2ubuntu1.3_i386.deb | Linux |
| XML parsing C library (USN-2983-1) libexpat1_2.0.1-7.2ubuntu1.3_amd64.deb | Linux |
| XML parsing C library (USN-2983-1) libexpat1_2.1.0-7ubuntu0.15.10.1_i386.deb | Linux |
| XML parsing C library (USN-2983-1) libexpat1_2.1.0-7ubuntu0.15.10.1_amd64.deb | Linux |
| XML parsing C library (USN-2983-1) libexpat1_2.1.0-7ubuntu0.16.04.1_i386.deb | Linux |
| XML parsing C library (USN-2983-1) libexpat1_2.1.0-7ubuntu0.16.04.1_amd64.deb | Linux |
| XML parsing C library (USN-2983-1) lib64expat1_2.1.0-4ubuntu1.2_i386.deb | Linux |
| XML parsing C library (USN-2983-1) lib64expat1_2.0.1-7.2ubuntu1.3_i386.deb | Linux |
| XML parsing C library (USN-2983-1) lib64expat1_2.1.0-7ubuntu0.15.10.1_i386.deb | Linux |
| XML parsing C library (USN-2983-1) lib64expat1_2.1.0-7ubuntu0.16.04.1_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-c++4_1.16.33-3.1ubuntu5.2_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-c++4_1.16.33-3.1ubuntu5.2_amd64.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.2_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.2_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.12.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.12.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.14.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.14.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.16.04.1_amd64.deb | Linux |
| Expat security update (CESA-2016:2824) expat-2.0.1-13.el6_8.i686.rpm | Linux |
| Expat security update (CESA-2016:2824) expat-2.0.1-13.el6_8.x86_64.rpm | Linux |
| Expat security update (CESA-2016:2824) expat-devel-2.0.1-13.el6_8.i686.rpm | Linux |
| Expat security update (CESA-2016:2824) expat-devel-2.0.1-13.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-2.0.1-13.el6_8.i686.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-2.0.1-13.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-2.1.0-10.el7_3.i686.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-2.1.0-10.el7_3.x86_64.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-devel-2.0.1-13.el6_8.i686.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-devel-2.0.1-13.el6_8.x86_64.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-devel-2.1.0-10.el7_3.i686.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-devel-2.1.0-10.el7_3.x86_64.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-static-2.1.0-10.el7_3.i686.rpm | Linux |
| (RHSA-2016:2824) Moderate: expat security update expat-static-2.1.0-10.el7_3.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) expat-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) expat-debuginfo-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) expat-debuginfo-32bit-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) expat-debugsource-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) libexpat1-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) libexpat1-32bit-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) libexpat1-debuginfo-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2016:1508-1(SUSE Linux Enterprise Desktop 12 ) libexpat1-debuginfo-32bit-2.1.0-17.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpython3_4m1_0-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpython3_4m1_0-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-debugsource-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-curses-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-curses-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-debugsource-3.4.10-25.39.3.x86_64.rpm | Linux |
| Expat update (ELSA-2016-2824) expat-2.0.1-13.el6_8.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2016-2824) expat-devel-2.0.1-13.el6_8.x86_64.rpm | Linux |
| Expat update (ELSA-2016-2824) expat-2.0.1-13.el6_8.i686.rpm | Linux |
| Expat-devel update (ELSA-2016-2824) expat-devel-2.0.1-13.el6_8.i686.rpm | Linux |
| Expat update (ELSA-2016-2824) expat-2.1.0-10.el7_3.x86_64.rpm | Linux |
| Expat-devel update (ELSA-2016-2824) expat-devel-2.1.0-10.el7_3.x86_64.rpm | Linux |
| Expat-static update (ELSA-2016-2824) expat-static-2.1.0-10.el7_3.x86_64.rpm | Linux |
| Expat update (ELSA-2016-2824) expat-2.1.0-10.el7_3.i686.rpm | Linux |
| Expat-devel update (ELSA-2016-2824) expat-devel-2.1.0-10.el7_3.i686.rpm | Linux |
| Expat-static update (ELSA-2016-2824) expat-static-2.1.0-10.el7_3.i686.rpm | Linux |
| XML Parser Toolkit, runtime libraries (USN-7199-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux |
| library for rendering vector based animations and art (USN-7198-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-0718) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-344482 | Mozilla Firefox (134.0.1) |
| PATCH-302216 | Update for Mozilla Firefox x64 (48.0) |
| PATCH-344482 | Mozilla Firefox (134.0.1) |
| PATCH-304013 | Update for Mozilla Firefox x64 (48.0.1) |
| PATCH-344482 | Mozilla Firefox (134.0.1) |
| PATCH-304032 | Update for Mozilla Firefox x64 (48.0.2) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-600753 | OS X El Capitan 10.11.6 Update |
| PATCH-600754 | OS X El Capitan 10.11.6 Combo Update |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234