1. Home
  2. CVE Database
  3. CVE-2016-3705
HIGH · 7.5

CVE-2016-3705

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause...

Vulnerability Description

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CanonicalUbuntu Linux12.04
XmlsoftLibxml22.9.3
DebianDebian Linux8.0
HpIcewall Federation Agent3.0
HpIcewall File Manager3.0
OpensuseLeap42.1

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2016-3705?

CVE-2016-3705 is a vulnerability with a CVSS score of 7.5 (HIGH). The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause...

How severe is CVE-2016-3705?

CVE-2016-3705 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-3705?

Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Xmlsoft Libxml2, Debian Debian Linux, Hp Icewall Federation Agent, Hp Icewall File Manager.