CVE-2016-4570
MEDIUMmini-xml < 2.7 - Denial of Service via Stack Consumption in mxmlDelete
Title source: llmDescription
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/09/16
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/90315
Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/01/msg00018.html
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/05/11/14
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1334648
Scores
CVSS v3
5.5
EPSS
0.0159
EPSS Percentile
72.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (3)
debian/debian_linux
8.0
mini-xml_project/mini-xml
2.9
mini-xml_project/mini-xml
< 2.7
Published
Feb 03, 2017
Tracked Since
Feb 18, 2026