CVE-2016-4463
Description
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
38.346
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0.8.0 | Windows |
| Xerces-c security update (CESA-2016:0430) xerces-c-3.1.1-9.el7.i686.rpm | Linux |
| Xerces-c security update (CESA-2016:0430) xerces-c-3.1.1-9.el7.x86_64.rpm | Linux |
| Xerces-c security update (CESA-2016:0430) xerces-c-doc-3.1.1-9.el7.noarch.rpm | Linux |
| Xerces-c security update (CESA-2016:0430) xerces-c-devel-3.1.1-9.el7.i686.rpm | Linux |
| Xerces-c security update (CESA-2016:0430) xerces-c-devel-3.1.1-9.el7.x86_64.rpm | Linux |
| (RHSA-2018:3506) xerces-c security update xerces-c-3.1.1-8.el7_5.1.i686.rpm | Linux |
| (RHSA-2018:3506) xerces-c security update xerces-c-3.1.1-8.el7_5.1.x86_64.rpm | Linux |
| (RHSA-2018:3506) xerces-c security update xerces-c-devel-3.1.1-8.el7_5.1.i686.rpm | Linux |
| (RHSA-2018:3506) xerces-c security update xerces-c-devel-3.1.1-8.el7_5.1.x86_64.rpm | Linux |
| (RHSA-2018:3506) xerces-c security update xerces-c-doc-3.1.1-8.el7_5.1.noarch.rpm | Linux |
| (RHSA-2018:3514) xerces-c security update xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm | Linux |
| SUSE-SU-2016:2154-1 (SUSE Linux Enterprise Desktop 12-SP1) libxerces-c-3_1-3.1.1-12.3.x86_64.rpm | Linux |
| SUSE-SU-2016:2154-1 (SUSE Linux Enterprise Desktop 12-SP1) libxerces-c-3_1-32bit-3.1.1-12.3.x86_64.rpm | Linux |
| SUSE-SU-2016:2154-1 (SUSE Linux Enterprise Desktop 12-SP1) libxerces-c-3_1-debuginfo-3.1.1-12.3.x86_64.rpm | Linux |
| SUSE-SU-2016:2154-1 (SUSE Linux Enterprise Desktop 12-SP1) libxerces-c-3_1-debuginfo-32bit-3.1.1-12.3.x86_64.rpm | Linux |
| SUSE-SU-2016:2154-1 (SUSE Linux Enterprise Desktop 12-SP1) xerces-c-debuginfo-3.1.1-12.3.x86_64.rpm | Linux |
| SUSE-SU-2016:2154-1 (SUSE Linux Enterprise Desktop 12-SP1) xerces-c-debugsource-3.1.1-12.3.x86_64.rpm | Linux |
| (RHSA-2018:3335) xerces-c security update xerces-c-3.1.1-9.el7.i686.rpm | Linux |
| (RHSA-2018:3335) xerces-c security update xerces-c-3.1.1-9.el7.x86_64.rpm | Linux |
| (RHSA-2018:3335) xerces-c security update xerces-c-devel-3.1.1-9.el7.i686.rpm | Linux |
| (RHSA-2018:3335) xerces-c security update xerces-c-devel-3.1.1-9.el7.x86_64.rpm | Linux |
| (RHSA-2018:3335) xerces-c security update xerces-c-doc-3.1.1-9.el7.noarch.rpm | Linux |
| (CESA-2018:3514) xerces-c security update xerces-c-doc-3.1.1-8.el7_4.1.noarch.rpm | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4463) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234