CVE-2016-4472
Description
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.271
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.43 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.11 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.13 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.5.5.7 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 8.0.0.10 | Windows |
| Multiple vulnerabilities are fixed in IBM HTTP 7.0.0.37 | Windows |
| Vulnerabilities CVE-2016-4472,CVE-2016-0718,CVE-2012-1148,CVE-2012-0876 are fixed in IBM HTTP 9.0.0.2 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.43 | Windows |
| Vulnerabilities CVE-2012-1148,CVE-2012-0876,CVE-2016-4472,CVE-2016-0718 are fixed in IBM WebSphere 9.0.0.2 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.11 | Windows |
| Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.13 | Windows |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-c++4_1.16.33-3.1ubuntu5.2_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-c++4_1.16.33-3.1ubuntu5.2_amd64.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.2_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.2_amd64.deb | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpython3_4m1_0-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) libpython3_4m1_0-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-debuginfo-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-base-debugsource-3.4.10-25.39.2.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-curses-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-curses-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-debuginfo-3.4.10-25.39.3.x86_64.rpm | Linux |
| SUSE-SU-2020:0497-1(SUSE Linux Enterprise Desktop 12-SP4 ) python3-debugsource-3.4.10-25.39.3.x86_64.rpm | Linux |
| XML Parser Toolkit, runtime libraries (USN-7199-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux |
| library for rendering vector based animations and art (USN-7198-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux |
| Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4472) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234