Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2016-5300

Published: Jun 16, 2016 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
4.3 MODERATE
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2016-5300
CWEhttps://cwe.mitre.org/data/definitions/399.html

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 12.04 (including) 12.04 (including)
Ubuntu_linux Canonical 14.04 (including) 14.04 (including)
Ubuntu_linux Canonical 15.10 (including) 15.10 (including)
Ubuntu_linux Canonical 16.04 (including) 16.04 (including)
Debian_linux Debian 8.0 (including) 8.0 (including)
Audacity Ubuntu kinetic *
Audacity Ubuntu lunar *
Audacity Ubuntu mantic *
Ayttm Ubuntu precise *
Ayttm Ubuntu wily *
Ayttm Ubuntu yakkety *
Cableswig Ubuntu precise *
Cableswig Ubuntu wily *
Cadaver Ubuntu artful *
Cadaver Ubuntu precise *
Cadaver Ubuntu wily *
Cadaver Ubuntu yakkety *
Cadaver Ubuntu zesty *
Coin3 Ubuntu artful *
Coin3 Ubuntu precise *
Coin3 Ubuntu wily *
Coin3 Ubuntu yakkety *
Coin3 Ubuntu zesty *
Expat Ubuntu precise *
Expat Ubuntu trusty *
Expat Ubuntu vivid/stable-phone-overlay *
Expat Ubuntu vivid/ubuntu-core *
Expat Ubuntu wily *
Expat Ubuntu xenial *
Insighttoolkit Ubuntu precise *
Insighttoolkit Ubuntu wily *
Kompozer Ubuntu precise *
Libparagui1.1 Ubuntu precise *
Libxmltok Ubuntu hirsute *
Libxmltok Ubuntu trusty *
Libxmltok Ubuntu xenial *
Matanza Ubuntu artful *
Matanza Ubuntu precise *
Matanza Ubuntu wily *
Matanza Ubuntu yakkety *
Matanza Ubuntu zesty *
Simgear Ubuntu precise *
Sitecopy Ubuntu artful *
Sitecopy Ubuntu precise *
Sitecopy Ubuntu wily *
Sitecopy Ubuntu yakkety *
Sitecopy Ubuntu zesty *
Swish-e Ubuntu artful *
Swish-e Ubuntu precise *
Swish-e Ubuntu wily *
Swish-e Ubuntu yakkety *
Swish-e Ubuntu zesty *
Tdom Ubuntu artful *
Tdom Ubuntu precise *
Tdom Ubuntu wily *
Tdom Ubuntu yakkety *
Tdom Ubuntu zesty *
Tla Ubuntu artful *
Tla Ubuntu precise *
Tla Ubuntu wily *
Tla Ubuntu yakkety *
Tla Ubuntu zesty *
Vnc4 Ubuntu artful *
Vnc4 Ubuntu bionic *
Vnc4 Ubuntu cosmic *
Vnc4 Ubuntu disco *
Vnc4 Ubuntu eoan *
Vnc4 Ubuntu esm-apps/bionic *
Vnc4 Ubuntu esm-apps/xenial *
Vnc4 Ubuntu esm-infra-legacy/trusty *
Vnc4 Ubuntu precise *
Vnc4 Ubuntu trusty *
Vnc4 Ubuntu trusty/esm *
Vnc4 Ubuntu upstream *
Vnc4 Ubuntu wily *
Vnc4 Ubuntu xenial *
Vnc4 Ubuntu yakkety *
Vnc4 Ubuntu zesty *
Vtk Ubuntu precise *
Vtk Ubuntu wily *
Wbxml2 Ubuntu artful *
Wbxml2 Ubuntu precise *
Wbxml2 Ubuntu wily *
Wbxml2 Ubuntu yakkety *
Wbxml2 Ubuntu zesty *
Wxwidgets2.6 Ubuntu precise *
Wxwidgets2.8 Ubuntu precise *
Wxwidgets2.8 Ubuntu wily *
Xmlrpc-c Ubuntu artful *
Xmlrpc-c Ubuntu bionic *
Xmlrpc-c Ubuntu cosmic *
Xmlrpc-c Ubuntu devel *
Xmlrpc-c Ubuntu disco *
Xmlrpc-c Ubuntu eoan *
Xmlrpc-c Ubuntu esm-apps/bionic *
Xmlrpc-c Ubuntu esm-apps/focal *
Xmlrpc-c Ubuntu esm-apps/jammy *
Xmlrpc-c Ubuntu esm-apps/noble *
Xmlrpc-c Ubuntu esm-apps/xenial *
Xmlrpc-c Ubuntu esm-infra-legacy/trusty *
Xmlrpc-c Ubuntu focal *
Xmlrpc-c Ubuntu groovy *
Xmlrpc-c Ubuntu hirsute *
Xmlrpc-c Ubuntu impish *
Xmlrpc-c Ubuntu jammy *
Xmlrpc-c Ubuntu kinetic *
Xmlrpc-c Ubuntu lunar *
Xmlrpc-c Ubuntu mantic *
Xmlrpc-c Ubuntu noble *
Xmlrpc-c Ubuntu precise *
Xmlrpc-c Ubuntu trusty *
Xmlrpc-c Ubuntu trusty/esm *
Xmlrpc-c Ubuntu wily *
Xmlrpc-c Ubuntu xenial *
Xmlrpc-c Ubuntu yakkety *
Xmlrpc-c Ubuntu zesty *
Xotcl Ubuntu precise *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use