Vulnerabilities

CVE-2016-3705

by Fred · 17/05/2016

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

Date published : 2016-05-17

http://www.securityfocus.com/bid/89854

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

Similar

Tags: Cybersecurity Alert