Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2016-5131 |
CWE-ID | CWE-416 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | libxml2 (Alpine package), Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU33135
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5131
CWE-ID: CWE-416 - Use After Free
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a use-after-free error when processing vectors related to the XPointer range-to function. A remote attacker can cause a denial of service or execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
libxml2 (Alpine package): 2.9.0-r0 - 2.9.4-r0
External links
http://git.alpinelinux.org/aports/commit/?id=1647bdc21ffc22aacee5ea142d372445d1fd5b03
http://git.alpinelinux.org/aports/commit/?id=5e57be93778177ca048236091d2814a4ad205903
http://git.alpinelinux.org/aports/commit/?id=9ba0323ae03ecb1319c9174e281260c37544fa1d
http://git.alpinelinux.org/aports/commit/?id=a6c278e2f3d21e7ffc9b25ad0cd3845c3caafcf9
http://git.alpinelinux.org/aports/commit/?id=a49c9e6942d3d44160b5470c06957e99a8191d7f
http://git.alpinelinux.org/aports/commit/?id=80f4efd8ae07abf0f36afd88e30f5a1ed1f94628
http://git.alpinelinux.org/aports/commit/?id=a8ef9c16d812122791a1c0db9b959b334dca251a
http://git.alpinelinux.org/aports/commit/?id=bcc94c075904765e11b35a719e373388fbb4cf5b
http://git.alpinelinux.org/aports/commit/?id=db47c66f69ce6d0298c4052d013b8f8728504218
http://git.alpinelinux.org/aports/commit/?id=dcaf79da3440ea80eafc856d1f3306fca8269e22
http://git.alpinelinux.org/aports/commit/?id=fe32be2999c838cc28f459e3423958e5237b0626
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.