Exploitation Summary
EIP tracks 1 public exploit for CVE-2016-3627. PoCs published by Oneton429.
AI-analyzed exploit summary
This repository contains a functional proof-of-concept exploit for CVE-2016-3627, which involves an XML External Entity (XXE) vulnerability. The provided XML file demonstrates the vulnerability by using a crafted DOCTYPE declaration to trigger the issue.
Description
The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
References (18)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H