CVE-2016-5300

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-5300

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-5300.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-5300

Downstream

ALPINE-CVE-2016-5300

DEBIAN-CVE-2016-5300

DLA-508-1

DSA-3597-1

SUSE-SU-2017:0415-1

SUSE-SU-2017:0424-1

SUSE-SU-2017:2699-1

SUSE-SU-2017:2700-1

UBUNTU-CVE-2016-5300

USN-3010-1

openSUSE-SU-2024:10077-1

Related

Published

2016-06-16T18:59:10Z

Modified

2025-10-15T08:13:01.002272Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

References

Affected packages

Git / github.com/libexpat/libexpat

Affected ranges

Type: GIT
Repo: https://github.com/libexpat/libexpat
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fbc46fa2be307280648147543c053d05910f7a85

Affected versions

Other

REC1_0

R_1_95_0

R_1_95_2

R_1_95_3

R_1_95_4

R_1_95_5

R_1_95_6

R_1_95_7

R_1_95_8

R_2_0_0

R_2_0_1

R_2_1_0

R_2_1_1

V1990307

V19981122

V19981231

V19990109

V19990425

V19990626

V19990709

V19990728

V19991013

V1_0

V1_1

V20000512

beta2

beta3

beta4

jclark-orig

libexpat-alpha-1

sourceforge_init

start