#VU12378 XXE attack in expat - CVE-2016-4472


Vulnerability identifier: #VU12378

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2016-4472

CWE-ID: CWE-611

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
expat
Universal components / Libraries / Libraries used by multiple products

Vendor: libexpat.org

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to the overflow protection in Expat is removed by compilers with certain optimization settings. A remote attacker can supply specially crafted XML data and cause the service to crash.

The vulnerability exists due to incomplete fix for CVE-2015-1283 and CVE-2015-2716.

Mitigation
Install update from vendor's website.

Vulnerable software versions

expat: 1.95.0 - 2.2.4

External links
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Dell NetWorker Management Console update for third-party components
Ubuntu update for libxmltok
Multiple vulnerabilities in Dell ThinOS
Slackware Linux update for python
Slackware Linux update for python
Gentoo update for Expat
XXE attack in expat (Alpine package)
Fedora 22 update for expat
Fedora 23 update for expat
Fedora 24 update for expat