CVE-2016-9598
MEDIUMRedhat Jboss Core Services < 2.9.4 - Out-of-Bounds Read
Title source: ruleDescription
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.
References (2)
Core 2
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1408306
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2486
Scores
CVSS v3
6.5
EPSS
0.0067
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-125
Status
published
Products (2)
redhat/jboss_core_services
xmlsoft/libxml2
< 2.9.4
Published
Aug 16, 2018
Tracked Since
Feb 18, 2026