Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com

CVE-2016-3627

Description

The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

POC

Reference

- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

- https://kc.mcafee.com/corporate/index?page=content&id=SB10170

Github

No PoCs found on GitHub currently.