Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2016-1684

Disclosure Date: June 05, 2016
CVE-2016-1684
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles the i format token for xsl:number data, which allows remote attackers to cause a denial of service (integer overflow or resource consumption) or possibly have unspecified other impact via a crafted document.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • google,
  • xmlsoft

Products

  • chrome,
  • libxslt

References

Canonical
CVE-2016-1684 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1684)
BID-90876 (http://www.securityfocus.com/bid/90876)
Advisory
https://crbug.com/583171
https://git.gnome.org/browse/libxslt/commit?id=91d0540ac9beaa86719a05b749219a69baa0dd8d
DSA-3605 (http://www.debian.org/security/2016/dsa-3605)
APPLE-SA-2016-07-18-4 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html)
APPLE-SA-2016-07-18-3 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00002.html)
APPLE-SA-2016-07-18-2 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html)
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00005.html
https://support.apple.com/HT206901
SECTRACK-1035981 (http://www.securitytracker.com/id/1035981)
https://bugzilla.redhat.com/show_bug.cgi?id=1340017
DSA-3590 (http://www.debian.org/security/2016/dsa-3590)
http://googlechromereleases.blogspot.com/2016/05/stable-channel-update_25.html
USN-2992-1 (http://www.ubuntu.com/usn/USN-2992-1)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00062.html
APPLE-SA-2016-07-18-1 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html)
APPLE-SA-2016-07-18-6 (http://lists.apple.com/archives/security-announce/2016/Jul/msg00005.html)
https://access.redhat.com/errata/RHSA-2016:1190
https://support.apple.com/HT206905
https://support.apple.com/HT206903
https://support.apple.com/HT206902
https://support.apple.com/HT206904
GLSA-201607-07 (https://security.gentoo.org/glsa/201607-07)
http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00063.html
https://support.apple.com/HT206899
FEDORA-2019-320d5295fc (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis