ID CVE-2016-4570
Summary The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
References
Vulnerable Configurations
  • cpe:2.3:a:msweet:mini-xml:2.7
    cpe:2.3:a:msweet:mini-xml:2.7
  • cpe:2.3:a:msweet:mini-xml:2.9
    cpe:2.3:a:msweet:mini-xml:2.9
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
CVSS
Base: 7.1 (as of 06-02-2017 - 13:58)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-44821F9576.NASL
    description Update to 2.9 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2017-02-15
    plugin id 92088
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92088
    title Fedora 24 : mxml (2016-44821f9576)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1641.NASL
    description Several stack exhaustion conditions were found in mxml that can easily crash when parsing xml files. CVE-2016-4570 The mxmlDelete function in mxml-node.c allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. CVE-2016-4571 The mxml_write_node function in mxml-file.c allows remote attackers to cause a denial of service (stack consumption) via crafted xml file CVE-2018-20004 A stack-based buffer overflow in mxml_write_node via vectors involving a double-precision floating point number. For Debian 8 'Jessie', these problems have been fixed in version 2.6-2+deb8u1. We recommend that you upgrade your mxml packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-04
    plugin id 121397
    published 2019-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121397
    title Debian DLA-1641-1 : mxml security update
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-380.NASL
    description This update for mxml fixes the following issues : - CVE-2016-4570: Specially crafted XML files could have caused stack exhaustation (bsc#979205) - CVE-2016-4571: Specially crafted XML files could have caused stack exhaustation (bsc#979206)
    last seen 2019-02-21
    modified 2017-03-28
    plugin id 99015
    published 2017-03-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99015
    title openSUSE Security Update : mxml (openSUSE-2017-380)
refmap via4
bid 90315
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1334648
mlist
  • [debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update
  • [oss-security] 20160509 Re: CVE requested: two stack exhaustation parsing xml files using mxml
  • [oss-security] 20160511 Re: CVE requested: two stack exhaustation parsing xml files using mxml
Last major update 07-02-2017 - 15:56
Published 03-02-2017 - 10:59
Last modified 05-03-2019 - 15:51
Back to Top