Details of VAR-201605-0145

ID

VAR-201605-0145

CVE

CVE-2016-0718

TITLE

Expat Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-002931

DESCRIPTION

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. There is a security hole in Expat. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update Advisory ID: RHSA-2018:2486-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2018:2486 Issue date: 2018-08-16 CVE Names: CVE-2016-0718 CVE-2016-7167 CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 CVE-2016-9598 CVE-2017-6004 CVE-2017-7186 CVE-2017-7244 CVE-2017-7245 CVE-2017-7246 CVE-2017-1000254 CVE-2017-1000257 CVE-2018-0500 ==================================================================== 1. Summary: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes, enhancements and component upgrades included in this release. Security Fix(es): * expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718) * curl: escape and unescape integer overflows (CVE-2016-7167) * curl: Cookie injection for other servers (CVE-2016-8615) * curl: Case insensitive password comparison (CVE-2016-8616) * curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617) * curl: Double-free in curl_maprintf (CVE-2016-8618) * curl: Double-free in krb5 code (CVE-2016-8619) * curl: curl_getdate out-of-bounds read (CVE-2016-8621) * curl: URL unescape heap overflow via integer truncation (CVE-2016-8622) * curl: Use-after-free via shared cookies (CVE-2016-8623) * curl: Invalid URL parsing with '#' (CVE-2016-8624) * curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625) * libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598) * pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004) * pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186) * pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244) * pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245) * pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246) * curl: FTP PWD response parser out of bounds read (CVE-2017-1000254) * curl: IMAP FETCH response out of bounds read (CVE-2017-1000257) * curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500) Details around this issue, including information about the CVE, severity of the issue, and the CVSS score can be found on the CVE page listed in the Reference section below. The following packages have been upgraded to a newer upstream version: * Curl (7.57.0) * OpenSSL (1.0.2n) * Expat (2.2.5) * PCRE (8.41) * libxml2 (2.9.7) Acknowledgements: CVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue. Upstream acknowledges Max Dymond as the original reporter. CVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter. CVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue. 3. Solution: The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files). 4. Bugs fixed (https://bugzilla.redhat.com/): 1296102 - CVE-2016-0718 expat: Out-of-bounds heap read on crafted input causing crash 1375906 - CVE-2016-7167 curl: escape and unescape integer overflows 1388370 - CVE-2016-8615 curl: Cookie injection for other servers 1388371 - CVE-2016-8616 curl: Case insensitive password comparison 1388377 - CVE-2016-8617 curl: Out-of-bounds write via unchecked multiplication 1388378 - CVE-2016-8618 curl: Double-free in curl_maprintf 1388379 - CVE-2016-8619 curl: Double-free in krb5 code 1388385 - CVE-2016-8621 curl: curl_getdate out-of-bounds read 1388386 - CVE-2016-8622 curl: URL unescape heap overflow via integer truncation 1388388 - CVE-2016-8623 curl: Use-after-free via shared cookies 1388390 - CVE-2016-8624 curl: Invalid URL parsing with '#' 1388392 - CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host 1408306 - CVE-2016-9598 libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) 1425365 - CVE-2017-6004 pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) 1434504 - CVE-2017-7186 pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) 1437364 - CVE-2017-7244 pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c) 1437367 - CVE-2017-7245 pcre: stack-based buffer overflow write in pcre32_copy_substring 1437369 - CVE-2017-7246 pcre: stack-based buffer overflow write in pcre32_copy_substring 1495541 - CVE-2017-1000254 curl: FTP PWD response parser out of bounds read 1503705 - CVE-2017-1000257 curl: IMAP FETCH response out of bounds read 1597101 - CVE-2018-0500 curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP 5. References: https://access.redhat.com/security/cve/CVE-2016-0718 https://access.redhat.com/security/cve/CVE-2016-7167 https://access.redhat.com/security/cve/CVE-2016-8615 https://access.redhat.com/security/cve/CVE-2016-8616 https://access.redhat.com/security/cve/CVE-2016-8617 https://access.redhat.com/security/cve/CVE-2016-8618 https://access.redhat.com/security/cve/CVE-2016-8619 https://access.redhat.com/security/cve/CVE-2016-8621 https://access.redhat.com/security/cve/CVE-2016-8622 https://access.redhat.com/security/cve/CVE-2016-8623 https://access.redhat.com/security/cve/CVE-2016-8624 https://access.redhat.com/security/cve/CVE-2016-8625 https://access.redhat.com/security/cve/CVE-2016-9598 https://access.redhat.com/security/cve/CVE-2017-6004 https://access.redhat.com/security/cve/CVE-2017-7186 https://access.redhat.com/security/cve/CVE-2017-7244 https://access.redhat.com/security/cve/CVE-2017-7245 https://access.redhat.com/security/cve/CVE-2017-7246 https://access.redhat.com/security/cve/CVE-2017-1000254 https://access.redhat.com/security/cve/CVE-2017-1000257 https://access.redhat.com/security/cve/CVE-2018-0500 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/ 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3WhLtzjgjWX9erEAQgw7g//Qz9zXKXcAGEiJLq910Gqgdj6IeJD7Zy1 lvB63+tVL79Rr7X1/rL8EYNoDYw7+MQJeFgWhCwGFPLJi43O3q5cDANVK8/9nUJp UV5QzGC62ncurV3U4MF8DWUcJYpi2QhvlV3O++0dVjx4ETJgBTBSGUpUeEzcYNjM 3LsNmroNWIURAyNsBzO3KgrQhWwJ3vM5e7X6Xgy44S07Kgs2yrArtcsHYjqlDzzR X3Yo8G97DurTikcIWcXs45w9rdKXNSheGRKL7Jp/mzoqCKV4RbieRM12L05MwXmi ZNTMdhJzd+aA3Kwx9JjOjSv8MJErRioUKZEisaH0VWnwTiQc4sOlIXgMuJBV+ZGo RZz0d4sQ1HkeTQKFHkt85abdEiK6OLtKpdZns0VvqqtfdaHJqitqaAfrvssc3D+R usY7sGrlm4rAyYSddWUlLgrF3KZq7PoxVqj+15NkvBisXPp6xwgSiu8aoxziIiNq 0UWQG7KvdlbmrlzNOBBe96COI3UK36AxUXMK6abPzW6VmlY6O1x2OPPgNcItOFVp /o2p3HalPrucwjfwADBGvlbc+SRUguNdnftvmAG3DO1Oon4OnRdoPerNBkY7QRRC Ke88RWnjA37kZ7bBL3Mag6rX8vIlZoy0g1563AnzvexpXiywy6fU4UNpkCHNulNH oPmWeYAK/SE=5slr -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <57683228.8060901@canonical.com> Subject: [USN-3013-1] XML-RPC for C and C++ vulnerabilities ============================================================================ Ubuntu Security Notice USN-3013-1 June 20, 2016 xmlrpc-c vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Several security issues were fixed in XML-RPC for C and C++. Software Description: - xmlrpc-c: Lightweight RPC library based on XML and HTTP Details: It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly called srand in certain circumstances. This could reduce the security of calling applications. (CVE-2012-6702) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled seeding the random number generator. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2016-5300) Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. (CVE-2016-0718) It was discovered that the Expat code in XML-RPC for C and C++ incorrectly handled malformed XML data. (CVE-2015-1283, CVE-2016-4472) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: libxmlrpc-c++4 1.16.33-3.1ubuntu5.2 libxmlrpc-core-c3 1.16.33-3.1ubuntu5.2 After a standard system upgrade you need to restart any applications linked against XML-RPC for C and C++ to effect the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201701-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Expat: Multiple vulnerabilities Date: January 11, 2017 Bugs: #458742, #555642, #577928, #583268, #585510 ID: 201701-21 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code. Background ========== Expat is a set of XML parsing libraries. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-libs/expat < 2.2.0-r1 >= 2.2.0-r1 Description =========== Multiple vulnerabilities have been discovered in Expat. Please review the CVE identifiers referenced below for details. This attack could also be used against automated systems that arbitrarily process XML files. Workaround ========== There is no known workaround at this time. Resolution ========== All Expat users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-libs/expat-2.2.0-r1" References ========== [ 1 ] CVE-2012-6702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6702 [ 2 ] CVE-2013-0340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0340 [ 3 ] CVE-2015-1283 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1283 [ 4 ] CVE-2016-0718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0718 [ 5 ] CVE-2016-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4472 [ 6 ] CVE-2016-5300 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5300 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-21 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2017-03-28-2 Additional information for APPLE-SA-2017-03-22-1 iTunes for Windows 12.6 iTunes for Windows 12.6 addresses the following: APNs Server Available for: Windows 7 and later Impact: An attacker in a privileged network position can track a user's activity Description: A client certificate was sent in plaintext. This issue was addressed through improved certificate handling. CVE-2017-2383: Matthias Wachs and Quirin Scheitle of Technical University Munich (TUM) Entry added March 28, 2017 iTunes Available for: Windows 7 and later Impact: Multiple issues in SQLite Description: Multiple issues existed in SQLite. These issues were addressed by updating SQLite to version 3.15.2. These issues were addressed by updating expat to version 2.2.0. CVE-2009-3270 CVE-2009-3560 CVE-2009-3720 CVE-2012-1147 CVE-2012-1148 CVE-2012-6702 CVE-2015-1283 CVE-2016-0718 CVE-2016-4472 CVE-2016-5300 libxslt Available for: Windows 7 and later Impact: Multiple vulnerabilities in libxslt Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-5029: Holger Fuhrmannek Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-2017-2463: Kai Kang (4B5F5F4B) of Tencent's Xuanwu Lab (tencent.com) working with Trend Micro's Zero Day Initiative Entry added March 28, 2017 WebKit Available for: Windows 7 and later Impact: Processing maliciously crafted web content may exfiltrate data cross-origin Description: A validation issue existed in element handling. This issue was addressed through improved validation. CVE-2017-2479: lokihardt of Google Project Zero CVE-2017-2480: lokihardt of Google Project Zero Entry added March 28, 2017 Installation note: iTunes for Windows 12.6 may be obtained from: https://www.apple.com/itunes/download/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIcBAEBCgAGBQJY2sl6AAoJEIOj74w0bLRGEMAQAJjPU9+iTIEs0o4EfazvmkXj /zLRgzdfr1kp9Iu90U/ZxgnAO3ZUqEF/6FWy6dN3zSA7AlP7q+zFlxXqbkoJB+eX sE+vGilHWZ8p2Qud9EikwDKCvLNn/4xYQ9Nm0jCwA14VBS1dBlOrFUlsnM9EoS9/ YKks/NSYV9jtLgKvc42SeTks62tLL5ZQGMKv+Gg0HH2Yeug2eAHGb+u5vYCHTcER AMTKKQtr57IJyz2tg7YZGWvbKIS2690CpIyZGxpbUCKv+dNdEPsDTNHjjpzwMBtc diSIIX8AC6T0nWbrOFtWqhhFyWk6rZAWb8RvDYYd/a6ro7hxYq8xZATBS2BJFskp esMHBuFYgDwIeJiGaCW07UyJzyzDck7pesJeq7gqF+O5Fl6bdHN4b8rNmVtBvDom g7tkwSE9+ZmiPUMJGF2NUWNb4+yY0OPm3Uq2kvoyXl5KGmEaFMoDnPzKIdPmE+b+ lJZUYgQSXlO6B7uz+MBx2ntH1uhIrAdKhFiePYj/lujNB3lTij5zpCOLyivdEXZw iJHX211+FpS8VV1/dHOjgbYnvnw4wofbPN63dkYvwgwwWy7VISThXQuMqtDW/wOE 9h0me2NkZRxQ845p4MaLPqZQFi1WcU4/PbcBBb0CvBwlnonYP/YRnyQrNWx+36Fo VkUmhXDNi0csm+QTi7ZP =hPjT -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3582-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 18, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : expat CVE ID : CVE-2016-0718 Gustavo Grieco discovered that Expat, an XML parsing C library, does not properly handle certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. For the stable distribution (jessie), this problem has been fixed in version 2.1.0-6+deb8u2. Additionally this update refreshes the fix for CVE-2015-1283 to avoid relying on undefined behavior. We recommend that you upgrade your expat packages

Trust: 2.43

sources: NVD: CVE-2016-0718 // JVNDB: JVNDB-2016-002931 // VULHUB: VHN-88228 // VULMON: CVE-2016-0718 // PACKETSTORM: 148973 // PACKETSTORM: 137544 // PACKETSTORM: 141796 // PACKETSTORM: 140431 // PACKETSTORM: 141937 // PACKETSTORM: 137108 // PACKETSTORM: 137109

AFFECTED PRODUCTS

vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12	Trust: 1.8
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12	Trust: 1.8
vendor:	opensuse	model:	leap	scope:	eq	version:	42.1	Trust: 1.8
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12	Trust: 1.8
vendor:	suse	model:	studio onsite	scope:	eq	version:	1.3	Trust: 1.8
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.6
vendor:	python	model:	python	scope:	lt	version:	3.6.2	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	2.7.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.5.4	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.4.0	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.3.7	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	2.7.15	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.5.0	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.2	Trust: 1.0
vendor:	python	model:	python	scope:	lt	version:	3.4.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.11.0	Trust: 1.0
vendor:	mcafee	model:	policy auditor	scope:	lt	version:	6.5.1	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.6.0	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11	Trust: 1.0
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.5	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	12.04	Trust: 1.0
vendor:	libexpat	model:	libexpat	scope:	lt	version:	2.2.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lt	version:	48.0	Trust: 1.0
vendor:	python	model:	python	scope:	gte	version:	3.3.0	Trust: 1.0
vendor:	suse	model:	linux enterprise debuginfo	scope:	eq	version:	11	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	11-sp4	Trust: 0.8
vendor:	suse	model:	linux enterprise desktop	scope:	eq	version:	12-sp1	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11.6	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	12.04 lts	Trust: 0.8
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	12-sp1	Trust: 0.8
vendor:	suse	model:	linux enterprise server	scope:	eq	version:	11-sp4	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	16.04 lts	Trust: 0.8
vendor:	suse	model:	linux enterprise debuginfo	scope:	eq	version:	11-sp4	Trust: 0.8
vendor:	expat	model:	expat	scope:	-	version:	-	Trust: 0.8
vendor:	suse	model:	linux enterprise software development kit	scope:	eq	version:	12-sp1	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	15.10	Trust: 0.8
vendor:	canonical	model:	ubuntu	scope:	eq	version:	14.04 lts	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	lt	version:	10.11	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	eq	version:	8.0	Trust: 0.8

sources: CNNVD: CNNVD-201605-455 // JVNDB: JVNDB-2016-002931 // NVD: CVE-2016-0718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-0718
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-0718
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201605-455
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-88228
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-0718
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-0718
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-88228
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-0718
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2016-0718
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-88228 // VULMON: CVE-2016-0718 // CNNVD: CNNVD-201605-455 // JVNDB: JVNDB-2016-002931 // NVD: CVE-2016-0718

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-88228 // JVNDB: JVNDB-2016-002931 // NVD: CVE-2016-0718

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 137544 // PACKETSTORM: 137108 // CNNVD: CNNVD-201605-455

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201605-455

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002931

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-88228

PATCH

title:	APPLE-SA-2016-07-18-1 OS X El Capitan v10.11.6 and Security Update 2016-004	url:	http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/en-us/HT206903	Trust: 0.8
title:	HT206903	url:	https://support.apple.com/ja-jp/HT206903	Trust: 0.8
title:	DSA-3582	url:	https://www.debian.org/security/2016/dsa-3582	Trust: 0.8
title:	MFSA2016-68	url:	http://www.mozilla.org/security/announce/2016/mfsa2016-68.html	Trust: 0.8
title:	MFSA2016-68	url:	http://www.mozilla-japan.org/security/announce/2016/mfsa2016-68.html	Trust: 0.8
title:	SUSE-SU-2016:1512	url:	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html	Trust: 0.8
title:	openSUSE-SU-2016	url:	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html	Trust: 0.8
title:	SUSE-SU-2016:1508	url:	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html	Trust: 0.8
title:	Bug 1296102	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1296102#c2	Trust: 0.8
title:	Expat XML Parser	url:	https://sourceforge.net/projects/expat/	Trust: 0.8
title:	USN-2983-1	url:	http://www.ubuntu.com/usn/USN-2983-1/	Trust: 0.8
title:	Expat Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=61769	Trust: 0.6
title:	The Register	url:	https://www.theregister.co.uk/2017/02/28/eset_antivirus_opens_macs_to_remote_execution_as_root/	Trust: 0.2
title:	Red Hat: Moderate: expat security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20162824 - Security Advisory	Trust: 0.1
title:	Ubuntu Security Notice: expat vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2983-1	Trust: 0.1
title:	Mozilla: Mozilla Foundation Security Advisory 2016-68	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=2016-68	Trust: 0.1
title:	Mozilla: Out-of-bounds read during XML parsing in Expat library	url:	https://vulmon.com/vendoradvisory?qidtp=mozilla_advisories&qid=ed80349726dbf716de7cec0c272ec473	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2016-775	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2016-775	Trust: 0.1
title:	Ubuntu Security Notice: xmlrpc-c vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3013-1	Trust: 0.1
title:	Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20182486 - Security Advisory	Trust: 0.1
title:	Tenable Security Advisories: [R5] Nessus 6.8 Fixes Multiple Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-11	Trust: 0.1
title:	Ubuntu Security Notice: firefox vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-3044-1	Trust: 0.1
title:	Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - July 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=ac5af5dd99788925425f5747ec672707	Trust: 0.1
title:	Oracle: Oracle Critical Patch Update Advisory - July 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=5f8c525f1408011628af1792207b2099	Trust: 0.1
title:	Android Security Bulletins: Android Security Bulletin—November 2016	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=29d79db4a6421689e55b5a9ce5d2aa60	Trust: 0.1
title:	Tenable Security Advisories: [R3] PVS 5.2.0 Fixes Multiple Third-party Library Vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2016-20	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=21c0efa2643d707e2f50a501209eb75c	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - October 2016	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=13f3551b67d913fba90df4b2c0dae0bf	Trust: 0.1
title:	Siemens Security Advisories: Siemens Security Advisory	url:	https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=ec6577109e640dac19a6ddb978afe82d	Trust: 0.1
title:	afl-cve	url:	https://github.com/mrash/afl-cve	Trust: 0.1
title:	BleepingComputer	url:	https://www.bleepingcomputer.com/news/security/google-security-researcher-finds-security-hole-in-esets-mac-antivirus/	Trust: 0.1

sources: VULMON: CVE-2016-0718 // CNNVD: CNNVD-201605-455 // JVNDB: JVNDB-2016-002931

EXTERNAL IDS

db:	NVD	id:	CVE-2016-0718	Trust: 3.3
db:	SECTRACK	id:	1036348	Trust: 1.8
db:	SECTRACK	id:	1037705	Trust: 1.8
db:	SECTRACK	id:	1036415	Trust: 1.8
db:	PACKETSTORM	id:	141350	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2016/05/17/12	Trust: 1.8
db:	TENABLE	id:	TNS-2016-20	Trust: 1.8
db:	MCAFEE	id:	SB10365	Trust: 1.8
db:	BID	id:	90729	Trust: 1.8
db:	JVN	id:	JVNVU94844193	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002931	Trust: 0.8
db:	CNNVD	id:	CNNVD-201605-455	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.0699	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2593	Trust: 0.6
db:	PACKETSTORM	id:	137109	Trust: 0.2
db:	PACKETSTORM	id:	137108	Trust: 0.2
db:	PACKETSTORM	id:	148973	Trust: 0.2
db:	PACKETSTORM	id:	139908	Trust: 0.1
db:	PACKETSTORM	id:	138181	Trust: 0.1
db:	VULHUB	id:	VHN-88228	Trust: 0.1
db:	VULMON	id:	CVE-2016-0718	Trust: 0.1
db:	PACKETSTORM	id:	137544	Trust: 0.1
db:	PACKETSTORM	id:	141796	Trust: 0.1
db:	PACKETSTORM	id:	140431	Trust: 0.1
db:	PACKETSTORM	id:	141937	Trust: 0.1

sources: VULHUB: VHN-88228 // VULMON: CVE-2016-0718 // PACKETSTORM: 148973 // PACKETSTORM: 137544 // PACKETSTORM: 141796 // PACKETSTORM: 140431 // PACKETSTORM: 141937 // PACKETSTORM: 137108 // PACKETSTORM: 137109 // CNNVD: CNNVD-201605-455 // JVNDB: JVNDB-2016-002931 // NVD: CVE-2016-0718

REFERENCES

url:	http://www.securityfocus.com/bid/90729	Trust: 1.9
url:	https://security.gentoo.org/glsa/201701-21	Trust: 1.9
url:	https://access.redhat.com/errata/rhsa-2018:2486	Trust: 1.9
url:	http://www.ubuntu.com/usn/usn-2983-1	Trust: 1.9
url:	http://www.securitytracker.com/id/1036348	Trust: 1.8
url:	http://www.securitytracker.com/id/1036415	Trust: 1.8
url:	http://www.securitytracker.com/id/1037705	Trust: 1.8
url:	http://seclists.org/fulldisclosure/2017/feb/68	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/jul/msg00000.html	Trust: 1.8
url:	http://www.debian.org/security/2016/dsa-3582	Trust: 1.8
url:	http://rhn.redhat.com/errata/rhsa-2016-2824.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00006.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00007.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-3044-1	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2016/05/17/12	Trust: 1.8
url:	http://packetstormsecurity.com/files/141350/eset-endpoint-antivirus-6-remote-code-execution.html	Trust: 1.8
url:	http://support.eset.com/ca6333/	Trust: 1.8
url:	http://www.mozilla.org/security/announce/2016/mfsa2016-68.html	Trust: 1.8
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Trust: 1.8
url:	http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html	Trust: 1.8
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1236923	Trust: 1.8
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1296102	Trust: 1.8
url:	https://source.android.com/security/bulletin/2016-11-01.html	Trust: 1.8
url:	https://support.apple.com/ht206903	Trust: 1.8
url:	https://www.tenable.com/security/tns-2016-20	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00064.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00010.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html	Trust: 1.8
url:	http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html	Trust: 1.8
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10365	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0718	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94844193/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0718	Trust: 0.8
url:	https://access.redhat.com/errata/rhsa-2016:2824	Trust: 0.7
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0718	Trust: 0.7
url:	https://access.redhat.com/security/cve/cve-2016-0718	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2021.2593	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.0699/	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2012-6702	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-5300	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-4472	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1283	Trust: 0.4
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://gpgtools.org	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3720	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-6153	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3415	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3270	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6607	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2009-3560	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3416	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3717	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3414	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2013-7443	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-1148	Trust: 0.2
url:	https://www.apple.com/itunes/download/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2012-1147	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10365	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://usn.ubuntu.com/2983-1/	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=53129	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8625	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8624	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7244	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-9598	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-1000254	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8619	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8618	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8617	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8616	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-7245	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7186	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8616	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8617	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8619	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7246	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-7167	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8621	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8622	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000257	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-1000257	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-6004	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0500	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-0500	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8622	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-7245	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-1000254	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-7186	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8615	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8618	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-7244	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-8623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-9598	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-7167	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8621	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2016-8623	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-7246	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-6004	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/xmlrpc-c/1.16.33-3.1ubuntu5.2	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-3013-1	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0340	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0340	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-6702	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-5300	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-1283	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-0718	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2016-4472	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2480	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-5029	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2479	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2383	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-2463	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.15.10.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/expat/2.0.1-7.2ubuntu1.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/expat/2.1.0-4ubuntu1.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/expat/2.1.0-7ubuntu0.16.04.1	Trust: 0.1

CREDITS

Gustavo Grieco

Trust: 0.6

sources: CNNVD: CNNVD-201605-455

SOURCES

db:	VULHUB	id:	VHN-88228
db:	VULMON	id:	CVE-2016-0718
db:	PACKETSTORM	id:	148973
db:	PACKETSTORM	id:	137544
db:	PACKETSTORM	id:	141796
db:	PACKETSTORM	id:	140431
db:	PACKETSTORM	id:	141937
db:	PACKETSTORM	id:	137108
db:	PACKETSTORM	id:	137109
db:	CNNVD	id:	CNNVD-201605-455
db:	JVNDB	id:	JVNDB-2016-002931
db:	NVD	id:	CVE-2016-0718

LAST UPDATE DATE

2026-02-08T22:51:35.711000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-88228	date:	2023-02-12T00:00:00
db:	VULMON	id:	CVE-2016-0718	date:	2023-02-12T00:00:00
db:	CNNVD	id:	CNNVD-201605-455	date:	2023-04-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-002931	date:	2016-09-05T00:00:00
db:	NVD	id:	CVE-2016-0718	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-88228	date:	2016-05-26T00:00:00
db:	VULMON	id:	CVE-2016-0718	date:	2016-05-26T00:00:00
db:	PACKETSTORM	id:	148973	date:	2018-08-17T17:41:42
db:	PACKETSTORM	id:	137544	date:	2016-06-21T00:20:59
db:	PACKETSTORM	id:	141796	date:	2017-03-23T16:22:29
db:	PACKETSTORM	id:	140431	date:	2017-01-11T18:55:11
db:	PACKETSTORM	id:	141937	date:	2017-03-28T23:44:44
db:	PACKETSTORM	id:	137108	date:	2016-05-18T15:47:12
db:	PACKETSTORM	id:	137109	date:	2016-05-18T15:47:23
db:	CNNVD	id:	CNNVD-201605-455	date:	2016-05-18T00:00:00
db:	JVNDB	id:	JVNDB-2016-002931	date:	2016-05-30T00:00:00
db:	NVD	id:	CVE-2016-0718	date:	2016-05-26T16:59:00.133