libxml2 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition.
Information
XMLSoft Libxml2 2.7.8
XMLSoft Libxml2 2.7.7
XMLSoft Libxml2 2.7.6
XMLSoft Libxml2 2.7.5
XMLSoft Libxml2 2.7.4
XMLSoft Libxml2 2.7.3
XMLSoft Libxml2 2.7.2
XMLSoft Libxml2 2.7.1
XMLSoft Libxml2 2.7
XMLSoft Libxml2 2.6.32
XMLSoft Libxml2 2.6.31
XMLSoft Libxml2 2.6.30
XMLSoft Libxml2 2.6.26
XMLSoft Libxml2 2.6.24
XMLSoft Libxml2 2.6.23
XMLSoft Libxml2 2.6.22
XMLSoft Libxml2 2.6.21
XMLSoft Libxml2 2.6.20
XMLSoft Libxml2 2.6.18
XMLSoft Libxml2 2.6.17
XMLSoft Libxml2 2.6.16
XMLSoft Libxml2 2.6.15
XMLSoft Libxml2 2.6.14
XMLSoft Libxml2 2.6.13
XMLSoft Libxml2 2.6.12
XMLSoft Libxml2 2.6.11
XMLSoft Libxml2 2.6.9
XMLSoft Libxml2 2.6.8
XMLSoft Libxml2 2.6.7
XMLSoft Libxml2 2.6.6
XMLSoft Libxml2 2.6.5
XMLSoft Libxml2 2.6.4
XMLSoft Libxml2 2.6.3
XMLSoft Libxml2 2.6.2
XMLSoft Libxml2 2.6.1
XMLSoft Libxml2 2.5.11
XMLSoft Libxml2 2.5.10
XMLSoft Libxml2 2.5.8
XMLSoft Libxml2 2.5.4
XMLSoft Libxml2 2.5.1
XMLSoft Libxml2 2.4.30
XMLSoft Libxml2 2.4.29
XMLSoft Libxml2 2.4.28
XMLSoft Libxml2 2.4.27
XMLSoft Libxml2 2.4.26
XMLSoft Libxml2 2.4.24
XMLSoft Libxml2 2.4.23
XMLSoft Libxml2 2.4.22
XMLSoft Libxml2 2.4.21
XMLSoft Libxml2 2.4.20
XMLSoft Libxml2 2.4.19
XMLSoft Libxml2 2.4.18
XMLSoft Libxml2 2.4.17
XMLSoft Libxml2 2.4.16
XMLSoft Libxml2 2.4.15
XMLSoft Libxml2 2.4.14
XMLSoft Libxml2 2.4.13
XMLSoft Libxml2 2.4.12
XMLSoft Libxml2 2.4.11
XMLSoft Libxml2 2.4.10
XMLSoft Libxml2 2.4.9
XMLSoft Libxml2 2.4.8
XMLSoft Libxml2 2.4.7
XMLSoft Libxml2 2.4.6
XMLSoft Libxml2 2.4.5
XMLSoft Libxml2 2.4.4
XMLSoft Libxml2 2.4.3
XMLSoft Libxml2 2.4.2
XMLSoft Libxml2 2.3.14
XMLSoft Libxml2 2.3.13
XMLSoft Libxml2 2.3.12
XMLSoft Libxml2 2.3.10
XMLSoft Libxml2 2.3.8
XMLSoft Libxml2 2.3.7
XMLSoft Libxml2 2.3.6
XMLSoft Libxml2 2.3.5
XMLSoft Libxml2 2.3.4
XMLSoft Libxml2 2.2.11
XMLSoft Libxml2 2.2.10
XMLSoft Libxml2 2.2.7
XMLSoft Libxml2 2.2.6
XMLSoft Libxml2 2.2.5
XMLSoft Libxml2 2.2.4
XMLSoft Libxml2 2.2.3
XMLSoft Libxml2 1.8.14
XMLSoft Libxml2 1.8.10
XMLSoft Libxml2 1.8.9
XMLSoft Libxml2 1.8.5
XMLSoft Libxml2 1.8.4
XMLSoft Libxml2 1.8.3
XMLSoft Libxml2 1.8.1
XMLSoft Libxml2 1.8.1
XMLSoft Libxml2 1.7.4
XMLSoft Libxml2 1.7
XMLSoft Libxml2 2.9.3
XMLSoft Libxml2 2.9.2
XMLSoft Libxml2 2.9.1
XMLSoft Libxml2 2.6.29
XMLSoft Libxml2 2.6.28
XMLSoft Libxml2 2.6.27
XMLSoft Libxml2 2.6.25
XMLSoft Libxml2 2.6.0
XMLSoft Libxml2 2.5.7
XMLSoft Libxml2 2.5.0
XMLSoft Libxml2 2.4.25
XMLSoft Libxml2 2.4.1
XMLSoft Libxml2 2.3.3
XMLSoft Libxml2 2.3.2
XMLSoft Libxml2 2.3.11
XMLSoft Libxml2 2.3.1
XMLSoft Libxml2 2.3.0
XMLSoft Libxml2 2.2.9
XMLSoft Libxml2 2.2.8
XMLSoft Libxml2 2.2.2
XMLSoft Libxml2 2.2.1
XMLSoft Libxml2 2.2.0
XMLSoft Libxml2 2.1.1
XMLSoft Libxml2 2.1.0
XMLSoft Libxml2 2.0.0
XMLSoft Libxml2 1.8.7
XMLSoft Libxml2 1.8.6
XMLSoft Libxml2 1.8.13
XMLSoft Libxml2 1.7.3
XMLSoft Libxml2 1.7.2
XMLSoft Libxml2 1.7.1
Oracle VM Server for x86 3.4
Oracle VM Server for x86 3.3
Oracle Linux 7
Oracle Linux 6
McAfee Web Gateway 7.6.2.3
McAfee Web Gateway 7.6.2.2
McAfee Web Gateway 7.6.2.1
McAfee Web Gateway 7.6.2.0
McAfee Web Gateway 7.5.2.9
McAfee Web Gateway 7.5.2.8
McAfee Web Gateway 7.5.2.10
McAfee Email Gateway 7.6.405
McAfee Email Gateway 7.6.404
McAfee Email Gateway 7.6.403
McAfee Email Gateway 7.6.402
McAfee Email Gateway 7.6.401
McAfee Email Gateway 7.6.400
McAfee Email Gateway 7.6.4
McAfee Email Gateway 7.6.3
McAfee Email Gateway 7.6.2
McAfee Email Gateway 7.6.405h1165239
McAfee Email Gateway 7.6.405h1157986
McAfee Email Gateway 7.6.3.2
McAfee Email Gateway 7.6.3.1
McAfee Email Gateway 7.6.2h968406
McAfee Email Gateway 7.6.1
McAfee Email Gateway 7.6
Juniper JUNOS Space 15.2R2
Juniper JUNOS Space 15.2R1
Juniper JUNOS Space 15.1R2.11
Juniper JUNOS Space 15.1F2
Juniper JUNOS Space 14.1R1.9
Juniper JUNOS Space 14.1R1
Juniper JUNOS Space 13.3
Juniper JUNOS Space 12.3
Juniper JUNOS Space 12.1
Juniper JUNOS Space 11.2
Juniper JUNOS Space 1.3
IBM Virtual Fabric 10GB Switch Module 7.8.10.0
IBM SmartCloud Entry 3.2 Fix Pack 19
IBM SmartCloud Entry 3.2 Fix Pack 18
IBM SmartCloud Entry 3.2 fix pack 14
IBM SmartCloud Entry 3.2 fix pack 13
IBM SmartCloud Entry 3.2 Fix Pack 11
IBM SmartCloud Entry 3.2 Appliance fix pack 2
IBM SmartCloud Entry 3.2 Appliance fix pack 1
IBM SmartCloud Entry 3.2
IBM SmartCloud Entry 3.1 FP 9
IBM SmartCloud Entry 3.1 fix pack 13
IBM SmartCloud Entry 3.1 Fix Pack 10
IBM SmartCloud Entry 3.1 Appliance fix pack 2
IBM SmartCloud Entry 3.1 Appliance fix pack 1
IBM SmartCloud Entry 3.1
IBM SmartCloud Entry 2.4 Fix Pack 2
IBM SmartCloud Entry 2.4 Appliance fix pack 6
IBM SmartCloud Entry 2.4 Appliance fix pack 4
IBM SmartCloud Entry 2.3 Fix Pack 2
IBM SmartCloud Entry 2.3 Fix Pack 1
IBM SmartCloud Entry 2.3 Appliance fix pack 6
IBM SmartCloud Entry 2.3 Appliance fix pack 4
IBM SmartCloud Entry 2.2 Fix Pack 2
IBM SmartCloud Entry 2.2 Fix Pack 1
IBM SmartCloud Entry 2.2 Appliance fix pack 6
IBM SmartCloud Entry 2.2 Appliance fix pack 4
IBM SmartCloud Entry 2.2
IBM SmartCloud Entry 3.2.0.4 FixPack 15
IBM SmartCloud Entry 3.2.0.4 FixPack 13
IBM SmartCloud Entry 3.2.0.4 fix pack 11
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4 Appliance FP
IBM SmartCloud Entry 3.2.0.4
IBM SmartCloud Entry 3.2.0.3
IBM SmartCloud Entry 3.2.0.2
IBM SmartCloud Entry 3.2.0.1
IBM SmartCloud Entry 3.2.0.0
IBM SmartCloud Entry 3.2.0 fix pack 9
IBM SmartCloud Entry 3.2.0 fix pack 8
IBM SmartCloud Entry 3.2.0 fix pack 10
IBM SmartCloud Entry 3.2 Appliance fixpac
IBM SmartCloud Entry 3.2 Appliance fixpac
IBM SmartCloud Entry 3.1.0.4 FixPack 15
IBM SmartCloud Entry 3.1.0.4 FixPack 12
IBM SmartCloud Entry 3.1.0.4 fix pack 10
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4 Appliance FP
IBM SmartCloud Entry 3.1.0.4
IBM SmartCloud Entry 3.1.0.3
IBM SmartCloud Entry 3.1.0.2
IBM SmartCloud Entry 3.1.0.1
IBM SmartCloud Entry 3.1.0.0
IBM SmartCloud Entry 3.1.0 fix pack 9
IBM SmartCloud Entry 3.1.0 fix pack 8
IBM SmartCloud Entry 3.1 FP 10
IBM SmartCloud Entry 3.1 Appliance fixpac
IBM SmartCloud Entry 3.1 Appliance fixpac
IBM SmartCloud Entry 2.4.0.5 JRE Update 5
IBM SmartCloud Entry 2.4.0.5 FixPack 5
IBM SmartCloud Entry 2.4.0.5 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance FP
IBM SmartCloud Entry 2.4.0.4 Appliance Fi
IBM SmartCloud Entry 2.4.0.4 Appliance Fi
IBM SmartCloud Entry 2.4.0.3 Appliance FP
IBM SmartCloud Entry 2.4.0.3 Appliance FP
IBM SmartCloud Entry 2.4.0 fix pack 1
IBM SmartCloud Entry 2.4.0
IBM SmartCloud Entry 2.3.0.4 Appliance FP
IBM SmartCloud Entry 2.3.0.4 Appliance FP
IBM SmartCloud Entry 2.3.0.4 Appliance Fi
IBM SmartCloud Entry 2.3.0.4 Appliance Fi
IBM SmartCloud Entry 2.3.0.3 JRE Update 5
IBM SmartCloud Entry 2.3.0.3 JRE Update 4
IBM SmartCloud Entry 2.3.0.3 FixPack 3
IBM SmartCloud Entry 2.3.0.3 Appliance FP
IBM SmartCloud Entry 2.3.0.3 Appliance FP
IBM SmartCloud Entry 2.3.0
IBM SmartCloud Entry 2.2.0.4 Appliance FP
IBM SmartCloud Entry 2.2.0.4 Appliance FP
IBM SmartCloud Entry 2.2.0.4 Appliance Fi
IBM SmartCloud Entry 2.2.0.4 Appliance Fi
IBM SmartCloud Entry 2.2.0.3 Appliance FP
IBM SmartCloud Entry 2.2.0.3 Appliance FP
IBM Security Privileged Identity Manager 2.0
IBM Security Network Protection 5.3.2
IBM Security Network Protection 5.3.1
IBM Security Network Protection 5.3.2.3
IBM Security Network Protection 5.3.2.2
IBM Security Network Protection 5.3.2.1
IBM Security Network Protection 5.3.1.9
IBM Security Network Protection 5.3.1.8
IBM Security Network Protection 5.3.1.7
IBM Security Network Protection 5.3.1.6
IBM Security Network Protection 5.3.1.5
IBM Security Network Protection 5.3.1.4
IBM Security Network Protection 5.3.1.3
IBM Security Network Protection 5.3.1.2
IBM Security Network Protection 5.3.1.1
IBM Security Identity Governance and Intelligence 5.2.1
IBM Security Guardium 10.0.1
IBM Security Guardium 10.1
IBM Security Guardium 10.0
IBM Security Access Manager for Web 8.0.1
IBM Security Access Manager for Web 8.0 3
IBM Security Access Manager for Web 8.0 2
IBM Security Access Manager for Web 8.0.1.4
IBM Security Access Manager for Web 8.0.1.3
IBM Security Access Manager for Web 8.0.1.2
IBM Security Access Manager for Web 8.0.1.1
IBM Security Access Manager for Web 8.0.1.0
IBM Security Access Manager for Web 8.0.0.5
IBM Security Access Manager for Web 8.0.0.4
IBM Security Access Manager for Web 8.0.0.0
IBM Security Access Manager for Web 7.0
IBM Security Access Manager for Mobile 8.0.1
IBM Security Access Manager for Mobile 8.0.1.4
IBM Security Access Manager for Mobile 8.0.1.3
IBM Security Access Manager for Mobile 8.0.1.2
IBM Security Access Manager for Mobile 8.0.1.1
IBM Security Access Manager for Mobile 8.0.0.5
IBM Security Access Manager for Mobile 8.0.0.4
IBM Security Access Manager for Mobile 8.0.0.3
IBM Security Access Manager for Mobile 8.0.0.2
IBM Security Access Manager for Mobile 8.0.0.1
IBM Security Access Manager for Mobile 8.0.0.0
IBM Security Access Manager for Mobile 8.0
IBM Security Access Manager 9.0.1.0
IBM Security Access Manager 9.0.0.1
IBM Security Access Manager 9.0
IBM Sametime Media Server 9.0
IBM RackSwitch G8332 7.7.23.0
IBM RackSwitch G8316 7.9.17.0
IBM RackSwitch G8264T 7.9.17.0
IBM RackSwitch G8264CS 7.8.14.0
IBM RackSwitch G8264 7.9.17.0
IBM RackSwitch G8264 7.11.7.0
IBM RackSwitch G8124/G8124-E 7.9.17.0
IBM RackSwitch G8124/G8124-E 7.11.7.0
IBM RackSwitch G8052 7.9.17.0
IBM RackSwitch G8052 7.11.7.0
IBM PowerKVM 3.1
IBM PowerKVM 2.1
IBM MQ Appliance M2001
IBM MQ Appliance M2000
IBM Integrated Management Module II (IMM2) for System X 1aoo
IBM Integrated Management Module II (IMM2) for Flex Systems 1aoo
IBM Integrated Management Module II (IMM2) for BladeCenter Systems 1aoo
IBM InfoSphere Streams 4.0.1
IBM InfoSphere Streams 3.2.1
IBM InfoSphere Streams 4.1.1.1
IBM InfoSphere Streams 4.1.1.0
IBM InfoSphere Streams 4.1
IBM InfoSphere Streams 4.0.1.2
IBM InfoSphere Streams 4.0.1.1
IBM InfoSphere Streams 4.0.1.0
IBM InfoSphere Streams 4.0.0.1
IBM InfoSphere Streams 4.0.0.0
IBM InfoSphere Streams 3.2.1.5
IBM InfoSphere Streams 3.2.1.4
IBM InfoSphere Streams 3.2.1.3
IBM InfoSphere Streams 3.2.1.2
IBM InfoSphere Streams 3.2.1.1
IBM InfoSphere Streams 3.2
IBM InfoSphere Streams 3.1.0.8
IBM InfoSphere Streams 3.1.0.7
IBM InfoSphere Streams 3.1.0.6
IBM InfoSphere Streams 3.1.0.5
IBM InfoSphere Streams 3.1.0.4
IBM InfoSphere Streams 3.1.0.3
IBM InfoSphere Streams 3.1.0.1
IBM InfoSphere Streams 3.1.0.0
IBM InfoSphere Streams 3.1
IBM InfoSphere Streams 3.0.0.6
IBM InfoSphere Streams 3.0.0.5
IBM InfoSphere Streams 3.0.0.4
IBM InfoSphere Streams 3.0.0.3
IBM InfoSphere Streams 3.0.0.2
IBM InfoSphere Streams 3.0.0.1
IBM InfoSphere Streams 3.0.0.0
IBM InfoSphere Streams 3.0
IBM InfoSphere Streams 2.0.0.4
IBM InfoSphere Streams 2.0.0.0
IBM InfoSphere Streams 2.0
IBM InfoSphere Streams 1.2.1.0
IBM InfoSphere Streams 1.2.1
IBM InfoSphere Streams 1.2
IBM Flex System Manager 1.3.2 0
IBM Flex System Manager 1.3.4.0
IBM Flex System Manager 1.3.3.0
IBM DataPower Gateways 7.5.1.1
IBM DataPower Gateways 7.5.1.0
IBM DataPower Gateways 7.5.0.2
IBM DataPower Gateways 7.5.0.1
IBM DataPower Gateways 7.5.0.0
IBM DataPower Gateways 7.2.0.8
IBM DataPower Gateways 7.2.0.6
IBM DataPower Gateways 7.2.0.5
IBM DataPower Gateways 7.2.0.4
IBM DataPower Gateways 7.2.0.3
IBM DataPower Gateways 7.2.0.2
IBM DataPower Gateways 7.2.0.1
IBM DataPower Gateways 7.2.0.0
IBM Cognos Business Intelligence Server 10.2.2
IBM Cognos Business Intelligence Server 10.2.1 1
IBM Cognos Business Intelligence Server 10.2.1
IBM Cognos Business Intelligence Server 10.1.1
IBM Cognos Business Intelligence Server 10.2
IBM BigFix Security Compliance Analytics 1.7
HP IceWall File Manager 3.0
HP IceWall Federation Agent 3.0
Bluecoat Security Analytics Platform 7.1
Bluecoat Security Analytics Platform 7.0
Bluecoat Security Analytics Platform 6.6
Bluecoat Proxysg 6.6
Bluecoat Proxysg 6.5
Bluecoat Norman Network Protection 5.3
Bluecoat Industrial Control Systems Network Scanner 5.3
Bluecoat Industrial Control System Protection 5.3
Bluecoat Director 6.1
Bluecoat AuthConnector 2.5
Bluecoat Advanced Secure Gateway 6.6
McAfee Web Gateway 7.7
McAfee Web Gateway 7.6.2.4
McAfee Web Gateway 7.5.2.11
McAfee Email Gateway 7.6.406-3402.103
Juniper JUNOS Space 16.1R1
IBM Security Privileged Identity Manager 2.0.2 Fixpack 8
IBM Security Network Protection 5.3.2.4
IBM Security Network Protection 5.3.1.10
IBM Sametime Media Server 9.0.1
IBM BigFix Security Compliance Analytics 1.8
Exploit
The researcher has created an exploit code to demonstrate the issue. Please see the references for more information.
References:
- libxml2 Homepage (xmlsoft)
- Oracle Linux Bulletin - July 2016 (Oracle)
- The XML C parser and toolkit of Gnome Releases (xmlsoft)
- 2017-01 Security Bulletin: Junos Space: Multiple vulnerabilities resolved in 16. (Juniper)
- Bug 1332443 - (CVE-2016-3705) CVE-2016-3705 libxml2: stack overflow before detec (Red Hat)
- Bug 765207 - Stack exhaustion parsing xml in parser (GNOME)
- HPSBGN03617 rev.2 - HPE IceWall Federation Agent and IceWall File Manager using (HP)
- Intel Security - Security Bulletin: McAfee Web Gateway update fixes several vuln (McAfee)
- isg3T1024088: Security Bulletin: Multiple vulnerabilities in libxml2 affect Powe (IBM)
- isg3T1024194: Libxml2 vulnerabilities affect IBM SmartCloud Entry (IBM)
- isg3T1024318: IBM Flex System Manager (FSM) is affected by multiple libxml2 vuln (IBM)
- migr-5099462: Vulnerabilities in libxml2 affect IBM Virtual Fabric 10Gb Switch M (IBM)
- migr-5099466: Vulnerabilities in libxml2 affect IBM RackSwitch Networking produc (IBM)
- Oracle VM Server for x86 Bulletin - July 2016 (Oracle)
- Release Notes: McAfee® Email Gateway Appliance Patch 7.6.406 (McAfee)
- SA129: Multiple libxml2 Vulnerabilities (Bluecoat)
- Security Bulletin: Vulnerabilities in libxml2 affect IBM Integrated Management M (IBM)
- swg21984773 : Vulnerability in libxml2 affects IBM BigFix Compliance Analytics. (IBM)
- swg21985337: Multiple libxml2 vulnerabilities affect the Sametime Media Server (IBM)
- swg21986974: Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM S (IBM)
- swg21988706: Multiple Security Vulnerabilities fixed in IBM Security Privileged (IBM)
- swg21989043 Security Bulletin: Multiple vulnerabilities in libxml2 affect IBM MQ (IBM)
- swg21990046:Vulnerabilities in XML processing affect IBM DataPower Gateways (IBM)
- swg21990231: IBM Security Guardium is affected by Open Source XMLsoft Libxml2 Vu (IBM)
- swg21990750: Multiple vulnerabilities in libxml2 affect IBM Security Identity Go (IBM)
- swg21990837:IBM Security Access Manager for Mobile is affected by security vulne (IBM)
- swg21990838:IBM Security Access Manager for Web is affected by security vulnerab (IBM)
- swg21991065:Vulnerability in libxml2 affects IBM Streams (CVE-2016-3705) (IBM)
- swg21995691: IBM Cognos Business Intelligence Server 2016Q4 Security Updater : I (IBM)