CVE-2016-0729

Impact: Important
Public Date: 2016-02-25
CWE: CWE-120
Bugzilla: 1312231: CVE-2016-0729 xerces-c: parser crashes on malformed input

It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.

Find out more about CVE-2016-0729 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score              6.8
Base Metrics            AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector           Network
Access Complexity       Medium
Authentication          None
Confidentiality Impact  Partial
Integrity Impact        Partial
Availability Impact     Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform                               Errata          Release Date
Red Hat Enterprise Linux 7 (xerces-c)  RHSA-2016:0430  2016-03-10

Affected Packages State

Platform                        Package   State
Red Hat OpenShift Enterprise 2  xerces-c  Will not fix
Red Hat Enterprise MRG 3        xerces-c  Will not fix
Red Hat Enterprise MRG 2        xerces-c  Will not fix
Red Hat Enterprise Linux 6      xerces-c  Not affected

Acknowledgements

Red Hat would like to thank Gustavo Grieco for reporting this issue.
