VDB

CVE-2016-5300

CVE-2016-5300 PUBLISHED

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

EPSS 2.20% · 84.8th percentile

Risk Scores

EPSS Score
2.20%
84.8th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:14.04:LTSvnc44.1.1+xorg4.3.0-37ubuntu5.0.1, 4.1.1+xorg4.3.0-37ubuntu5.0.2, 4.1.1+xorg4.3.0-37ubuntu5.0.2+esm1
Ubuntu:20.04:LTSxmlrpc-c1.33.14-8build2, 0, 1.33.14-8build1
Ubuntu:16.04:LTSexpat2.1.0-7ubuntu0.16.04.1, 0, 2.1.0-7
Ubuntu:18.04:LTSxmlrpc-c0, 1.33.14-7, 1.33.14-8build1
Ubuntu:25.10sitecopy1:0.16.6-16, 1:0.16.6-16build1, 0
Ubuntu:18.04:LTSvnc44.1.1+xorg4.3.0-37.3ubuntu2, 0
Ubuntu:14.04:LTSxmlrpc-c1.16.33-3.2ubuntu3, 1.33.06-0ubuntu1, 0
Ubuntu:Pro:16.04:LTSvnc44.1.1+xorg4.3.0-37.3ubuntu2, 4.1.1+xorg4.3.0-37.3ubuntu2.1+esm1, 0
Ubuntu:14.04:LTSexpat0, 2.1.0-4, 2.1.0-4ubuntu1
Ubuntu:24.04:LTSxmlrpc-c1.33.14-12, 1.33.14-12build1, 1.33.14-12build2
Ubuntu:25.10xmlrpc-c1.59.03-10.1, 1.59.03-9, 1.59.03-7
Ubuntu:22.04:LTSxmlrpc-c1.33.14-10, 1.33.14-9, 0
Ubuntu:16.04:LTSxmlrpc-c0, 1.33.14-0.2ubuntu3, 1.33.14-1ubuntu1

Timeline

  • Jun 6, 2016 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score
  • Apr 10, 2025 EPSS Score
  • Apr 14, 2025 EPSS Score
  • Apr 15, 2025 EPSS Score
  • Apr 18, 2025 EPSS Score
  • Apr 19, 2025 EPSS Score
  • May 5, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›