CVE-2016-3705: Improper Input Validation

May 17, 2016 (updated October 30, 2018)

The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

References

nvd.nist.gov/vuln/detail/CVE-2016-3705

Code Behaviors & Features

Detect and mitigate CVE-2016-3705 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →