vulnerability

Red Hat JBoss EAP: CVE-2016-0718: Improper Restriction of Operations within the Bounds of a Memory Buffer

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:P/I:P/A:P)	May 17, 2016	Sep 19, 2024	Nov 26, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Published

May 17, 2016

Added

Sep 19, 2024

Modified

Nov 26, 2025

Description

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.. An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.

Solution

red-hat-jboss-eap-upgrade-latest

References

CWE-119
CVE-2016-0718
https://attackerkb.com/topics/CVE-2016-0718
URL-https://access.redhat.com/security/cve/CVE-2016-0718
URL-https://bugzilla.redhat.com/show_bug.cgi?id=1296102

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today