cve/CVE-2016-4658.md at 080c77ded0654f051cb1bc3976c3cd169cb797da

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3, and other products) does not forbid namespace nodes in XPointer ranges, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and memory corruption) via a crafted XML document.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/mrash/afl-cve
https://github.com/tommarshall/nagios-check-bundle-audit

891 B Raw Blame History

CVE-2016-4658

Description

POC

Reference

Github

891 B

Raw Blame History