CVE-2016-0718: Buffer Overflow
First published: Wed Jan 06 2016(Updated: )
An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/expat | <0:2.0.1-13.el6_8 | 0:2.0.1-13.el6_8 |
| redhat/expat | <0:2.1.0-10.el7_3 | 0:2.1.0-10.el7_3 |
| debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1+deb12u1 2.6.4-1 | |
| debian/firefox | 135.0-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 128.7.0esr-1~deb11u1 128.5.0esr-1~deb12u1 128.7.0esr-1~deb12u1 128.7.0esr-1 | |
| Android | ||
| Mozilla Firefox | <48.0 | |
| Apple iOS and macOS | >=10.11.0<=10.11.5 | |
| SUSE Linux Enterprise Debuginfo | =11-sp4 | |
| SUSE Studio Onsite | =1.3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp4 | |
| openSUSE | =42.1 | |
| SUSE Linux Enterprise Desktop with Beagle | =12 | |
| SUSE Linux Enterprise Desktop with Beagle | =12-sp1 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE Linux Enterprise Server | =12-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp1 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =16.04 | |
| Debian (libexpat1) | <2.2.0 | |
| Debian | =8.0 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| McAfee Policy Auditor | <6.5.1 | |
| Python Babel Localedata | >=2.7.0<2.7.15 | |
| Python Babel Localedata | >=3.3.0<3.3.7 | |
| Python Babel Localedata | >=3.4.0<3.4.7 | |
| Python Babel Localedata | >=3.5.0<3.5.4 | |
| Python Babel Localedata | >=3.6.0<3.6.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2016-0718 https://nvd.nist.gov/vuln/detail/CVE-2016-0718
- https://bugzilla.redhat.com/show_bug.cgi?id=1296102
- https://access.redhat.com/errata/RHSA-2016:2824
- https://access.redhat.com/errata/RHSA-2018:2486
- https://access.redhat.com/security/cve/CVE-2016-0718
- http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
- http://www.securitytracker.com/id/1036348
- http://www.securitytracker.com/id/1036415
- http://www.securitytracker.com/id/1037705
- http://seclists.org/fulldisclosure/2017/Feb/68
- http://www.securityfocus.com/bid/90729
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
- http://www.debian.org/security/2016/dsa-3582
- https://security.gentoo.org/glsa/201701-21
- http://rhn.redhat.com/errata/RHSA-2016-2824.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
- http://www.ubuntu.com/usn/USN-2983-1
- http://www.ubuntu.com/usn/USN-3044-1
- http://www.openwall.com/lists/oss-security/2016/05/17/12
- http://support.eset.com/ca6333/
- http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://source.android.com/security/bulletin/2016-11-01.html
- https://support.apple.com/HT206903
- https://www.tenable.com/security/tns-2016-20
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
- https://launchpad.net/bugs/cve/CVE-2016-0718
- https://github.com/tiran/expat/commit/9c6ca6b0ae8a7c13153fdd48b5360988c2fdae80
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1156016&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1156016&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337115
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337116
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337118
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337119
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337117
- http://seclists.org/oss-sec/2016/q2/360
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1159904&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1159904&action=edit
- https://rhn.redhat.com/errata/RHSA-2016-2824.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238300&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238300&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238301&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238301&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238302&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238302&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238499&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238499&action=edit
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://android.googlesource.com/platform/external/expat/+/52ac633b73856ded34b33bd4adb4ab793bbbe963
- https://source.android.com/docs/security/bulletin/2016-11-01 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
- https://nvd.nist.gov/vuln/detail/CVE-2016-0718
- https://security-tracker.debian.org/tracker/CVE-2016-0718
- https://ubuntu.com/security/CVE-2016-0718
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
Frequently Asked Questions
What is the severity of CVE-2016-0718?
CVE-2016-0718 has been assigned a moderate severity level due to the potential for a remote attacker to exploit the vulnerability.
How do I fix CVE-2016-0718?
To resolve CVE-2016-0718, upgrade to the patched versions of Expat as specified in vendor advisories, such as Red Hat or Debian.
What systems are affected by CVE-2016-0718?
CVE-2016-0718 affects multiple applications and platforms that utilize the Expat XML parsing library, notably including specific versions of Firefox and several Linux distributions.
What are the potential impacts of CVE-2016-0718?
Exploitation of CVE-2016-0718 may lead to application crashes or arbitrary code execution with the permissions of the user running the application.
Is there a workaround for CVE-2016-0718?
There are no known workarounds for CVE-2016-0718; updating to a secure version is the recommended approach.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0718
- agent/weakness
- agent/severity
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/trending
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/source
- agent/event
- agent/author
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/android-source
- source/Android
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/google
- canonical/android
- vendor/mozilla
- canonical/mozilla firefox
- vendor/apple
- canonical/apple ios and macos
- version/apple ios and macos/10.11.0
- version/apple ios and macos/10.11.5
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11-sp4
- canonical/suse studio onsite
- version/suse studio onsite/1.3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp4
- vendor/opensuse
- canonical/opensuse
- version/opensuse/42.1
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/12
- version/suse linux enterprise desktop with beagle/12-sp1
- version/suse linux enterprise server/12
- version/suse linux enterprise server/12-sp1
- version/suse linux enterprise software development kit/12
- version/suse linux enterprise software development kit/12-sp1
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/16.04
- vendor/libexpat project
- canonical/debian (libexpat1)
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/mcafee
- canonical/mcafee policy auditor
- vendor/python
- canonical/python babel localedata
- version/python babel localedata/2.7.0
- version/python babel localedata/3.3.0
- version/python babel localedata/3.4.0
- version/python babel localedata/3.5.0
- version/python babel localedata/3.6.0