ID CVE-2016-2099
Summary Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
References
Vulnerable Configurations
  • Apache Software Foundation Xerces-C++ 3.1.3
    cpe:2.3:a:apache:xerces-c%2b%2b:3.1.3
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 10.0 (as of 28-12-2016 - 09:37)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-876.NASL
    description This update for xerces-c fixes the following issues : - CVE-2016-4463 Apache Xerces-C XML Parser Crashes on Malformed DT (boo#985860) - CVE-2016-2099 Exception handling mistake causing use after free (boo#979208)
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 92354
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92354
    title openSUSE Security Update : xerces-c (openSUSE-2016-876)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-0A061F6DD9.NASL
    description MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92226
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92226
    title Fedora 24 : mingw-xerces-c (2016-0a061f6dd9)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-7615FEBBD6.NASL
    description MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92257
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92257
    title Fedora 22 : mingw-xerces-c (2016-7615febbd6)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-87E8468465.NASL
    description MinGW cross compiled xerces-c 3.1.4, fixing CVE-2016-0729, CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92263
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92263
    title Fedora 23 : mingw-xerces-c (2016-87e8468465)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3579.NASL
    description Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 91174
    published 2016-05-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91174
    title Debian DSA-3579-1 : xerces-c - security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-833.NASL
    description xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++. It did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208).
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 91953
    published 2016-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91953
    title openSUSE Security Update : xerces-c (openSUSE-2016-833)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-467.NASL
    description XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 91107
    published 2016-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91107
    title Debian DLA-467-1 : xerces-c security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D2D6890690.NASL
    description Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92291
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92291
    title Fedora 23 : xerces-c (2016-d2d6890690)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2017-0008.NASL
    description An update of [xcerces-c,linux] packages for PhotonOS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 111857
    published 2018-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111857
    title Photon OS 1.0: Linux PHSA-2017-0008 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-2154-1.NASL
    description xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208). - CVE-2016-4463: Apache Xerces-C XML Parser crashed on malformed DTD (bnc#985860). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 93308
    published 2016-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93308
    title SUSE SLED12 / SLES12 Security Update : xerces-c (SUSE-SU-2016:2154-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201612-46.NASL
    description The remote host is affected by the vulnerability described in GLSA-201612-46 (Xerces-C++: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Xerces-C++. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted file, possibly resulting in the remote execution of arbitrary code with the privileges of the process, or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-12-27
    plugin id 96126
    published 2016-12-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96126
    title GLSA-201612-46 : Xerces-C++: Multiple vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_CB09A7AA534411E6A7BD14DAE9D210B8.NASL
    description Apache reports : The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 92575
    published 2016-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92575
    title FreeBSD : xercesi-c3 -- multiple vulnerabilities (cb09a7aa-5344-11e6-a7bd-14dae9d210b8)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-84373C5F4F.NASL
    description Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92262
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92262
    title Fedora 22 : xerces-c (2016-84373c5f4f)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-9284772686.NASL
    description Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92267
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92267
    title Fedora 24 : xerces-c (2016-9284772686)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-1046.NASL
    description xerces-c was updated to fix one security issue. This security issue was fixed : - CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208). - CVE-2016-4463: Apache Xerces-C XML Parser crashed on malformed DTD (bnc#985860). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-10-13
    plugin id 93336
    published 2016-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=93336
    title openSUSE Security Update : xerces-c (openSUSE-2016-1046)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL04253390.NASL
    description Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier does not properly handle exceptions raised in the XMLReader class, which allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. (CVE-2016-2099)
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 105466
    published 2017-12-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105466
    title F5 Networks BIG-IP : Apache Xerces vulnerability (K04253390)
refmap via4
bid 90502
confirm
debian DSA-3579
gentoo GLSA-201612-46
mlist [oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3
suse
  • openSUSE-SU-2016:1744
  • openSUSE-SU-2016:1808
  • openSUSE-SU-2016:2232
Last major update 27-12-2016 - 21:59
Published 13-05-2016 - 10:59
Last modified 30-10-2018 - 12:27
Back to Top