CVE-2016-3627: Improper Input Validation

May 17, 2016 (updated October 30, 2018)

The xmlStringGetNodeList function in tree.c in libxml2, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.

References

nvd.nist.gov/vuln/detail/CVE-2016-3627

Code Behaviors & Features

Detect and mitigate CVE-2016-3627 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →