CVE-2016-0718: Buffer Overflow
First published: Wed Jan 06 2016(Updated: )
An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/expat | <0:2.0.1-13.el6_8 | 0:2.0.1-13.el6_8 |
| redhat/expat | <0:2.1.0-10.el7_3 | 0:2.1.0-10.el7_3 |
| Mozilla Firefox | <48.0 | |
| Apple Mac OS X | >=10.11.0<=10.11.5 | |
| SUSE Linux Enterprise Debuginfo | =11-sp4 | |
| SUSE Studio Onsite | =1.3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp4 | |
| openSUSE Leap | =42.1 | |
| SUSE Linux Enterprise Desktop | =12 | |
| SUSE Linux Enterprise Desktop | =12-sp1 | |
| SUSE Linux Enterprise Server | =12 | |
| SUSE Linux Enterprise Server | =12-sp1 | |
| SUSE Linux Enterprise Software Development Kit | =12 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp1 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Libexpat Project Libexpat | <2.2.0 | |
| Debian Debian Linux | =8.0 | |
| openSUSE openSUSE | =13.1 | |
| openSUSE openSUSE | =13.2 | |
| McAfee Policy Auditor | <6.5.1 | |
| Python Python | >=2.7.0<2.7.15 | |
| Python Python | >=3.3.0<3.3.7 | |
| Python Python | >=3.4.0<3.4.7 | |
| Python Python | >=3.5.0<3.5.4 | |
| Python Python | >=3.6.0<3.6.2 | |
| Google Android | ||
| debian/expat | 2.2.10-2+deb11u5 2.2.10-2+deb11u6 2.5.0-1 2.5.0-1+deb12u1 2.6.3-1 | |
| debian/firefox | 130.0.1-1 | |
| debian/firefox-esr | 115.14.0esr-1~deb11u1 115.15.0esr-1~deb11u1 115.14.0esr-1~deb12u1 115.15.0esr-1~deb12u1 115.15.0esr-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2016-0718 https://nvd.nist.gov/vuln/detail/CVE-2016-0718
- https://bugzilla.redhat.com/show_bug.cgi?id=1296102
- https://access.redhat.com/errata/RHSA-2016:2824
- https://access.redhat.com/errata/RHSA-2018:2486
- https://access.redhat.com/security/cve/CVE-2016-0718
- http://packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html
- http://www.securitytracker.com/id/1036348
- http://www.securitytracker.com/id/1036415
- http://www.securitytracker.com/id/1037705
- http://seclists.org/fulldisclosure/2017/Feb/68
- http://www.securityfocus.com/bid/90729
- http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html
- http://www.debian.org/security/2016/dsa-3582
- https://security.gentoo.org/glsa/201701-21
- http://rhn.redhat.com/errata/RHSA-2016-2824.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html
- http://www.ubuntu.com/usn/USN-2983-1
- http://www.ubuntu.com/usn/USN-3044-1
- http://www.openwall.com/lists/oss-security/2016/05/17/12
- http://support.eset.com/ca6333/
- http://www.mozilla.org/security/announce/2016/mfsa2016-68.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- https://bugzilla.mozilla.org/show_bug.cgi?id=1236923
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://source.android.com/security/bulletin/2016-11-01.html
- https://support.apple.com/HT206903
- https://www.tenable.com/security/tns-2016-20
- http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
- https://launchpad.net/bugs/cve/CVE-2016-0718
- https://github.com/tiran/expat/commit/9c6ca6b0ae8a7c13153fdd48b5360988c2fdae80
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1156016&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1156016&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337115
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337116
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337118
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337119
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1337117
- http://seclists.org/oss-sec/2016/q2/360
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1159904&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1159904&action=edit
- https://rhn.redhat.com/errata/RHSA-2016-2824.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238300&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238300&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238301&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238301&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238302&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238302&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238499&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1238499&action=edit
- https://kc.mcafee.com/corporate/index?page=content&id=SB10365
- https://android.googlesource.com/platform/external/expat/+/52ac633b73856ded34b33bd4adb4ab793bbbe963
- https://source.android.com/docs/security/bulletin/2016-11-01 (Advisory)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
- https://nvd.nist.gov/vuln/detail/CVE-2016-0718
- https://security-tracker.debian.org/tracker/CVE-2016-0718
- https://ubuntu.com/security/CVE-2016-0718
- https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2016-0718
- agent/author
- agent/weakness
- agent/severity
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/android-source
- source/Android
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/remedy
- agent/references
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- package-manager/redhat
- vendor/mozilla
- canonical/mozilla firefox
- vendor/apple
- canonical/apple mac os x
- version/apple mac os x/10.11.0
- version/apple mac os x/10.11.5
- vendor/suse
- canonical/suse linux enterprise debuginfo
- version/suse linux enterprise debuginfo/11-sp4
- canonical/suse studio onsite
- version/suse studio onsite/1.3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/11-sp4
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/42.1
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/12
- version/suse linux enterprise desktop/12-sp1
- version/suse linux enterprise server/12
- version/suse linux enterprise server/12-sp1
- version/suse linux enterprise software development kit/12
- version/suse linux enterprise software development kit/12-sp1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- vendor/libexpat project
- canonical/libexpat project libexpat
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1
- version/opensuse opensuse/13.2
- vendor/mcafee
- canonical/mcafee policy auditor
- vendor/python
- canonical/python python
- version/python python/2.7.0
- version/python python/3.3.0
- version/python python/3.4.0
- version/python python/3.5.0
- version/python python/3.6.0
- vendor/google
- canonical/google android
- package-manager/debian