CVE-2016-5300
Description
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
2.202
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| XML parsing C library (USN-3010-1) libexpat1_2.1.0-4ubuntu1.3_i386.deb | Linux |
| XML parsing C library (USN-3010-1) libexpat1_2.1.0-4ubuntu1.3_amd64.deb | Linux |
| XML parsing C library (USN-3010-1) libexpat1_2.0.1-7.2ubuntu1.4_i386.deb | Linux |
| XML parsing C library (USN-3010-1) libexpat1_2.0.1-7.2ubuntu1.4_amd64.deb | Linux |
| XML parsing C library (USN-3010-1) libexpat1_2.1.0-7ubuntu0.15.10.2_i386.deb | Linux |
| XML parsing C library (USN-3010-1) libexpat1_2.1.0-7ubuntu0.15.10.2_amd64.deb | Linux |
| XML parsing C library (USN-3010-1) libexpat1_2.1.0-7ubuntu0.16.04.2_i386.deb | Linux |
| XML parsing C library (USN-3010-1) libexpat1_2.1.0-7ubuntu0.16.04.2_amd64.deb | Linux |
| XML parsing C library (USN-3010-1) lib64expat1_2.1.0-4ubuntu1.3_i386.deb | Linux |
| XML parsing C library (USN-3010-1) lib64expat1_2.0.1-7.2ubuntu1.4_i386.deb | Linux |
| XML parsing C library (USN-3010-1) lib64expat1_2.1.0-7ubuntu0.15.10.2_i386.deb | Linux |
| XML parsing C library (USN-3010-1) lib64expat1_2.1.0-7ubuntu0.16.04.2_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-c++4_1.16.33-3.1ubuntu5.2_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-c++4_1.16.33-3.1ubuntu5.2_amd64.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.2_i386.deb | Linux |
| Lightweight RPC library based on XML and HTTP (USN-3013-1) libxmlrpc-core-c3_1.16.33-3.1ubuntu5.2_amd64.deb | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) expat-2.1.0-20.2.x86_64.rpm | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) expat-debuginfo-2.1.0-20.2.x86_64.rpm | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) expat-debuginfo-32bit-2.1.0-20.2.x86_64.rpm | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) expat-debugsource-2.1.0-20.2.x86_64.rpm | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) libexpat1-2.1.0-20.2.x86_64.rpm | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) libexpat1-32bit-2.1.0-20.2.x86_64.rpm | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) libexpat1-debuginfo-2.1.0-20.2.x86_64.rpm | Linux |
| SUSE-SU-2017:0424-1(SUSE Linux Enterprise Desktop 12-SP1 ) libexpat1-debuginfo-32bit-2.1.0-20.2.x86_64.rpm | Linux |
| CVE-2016-5300 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234