CVE-2018-16428

9.8 CRITICAL

📋 TL;DR

CVE-2018-16428 is a NULL pointer dereference vulnerability in GNOME GLib's g_markup_parse_context_end_parse() function. This allows attackers to cause denial of service (application crash) or potentially execute arbitrary code by parsing malicious XML data. Any application using GLib for XML parsing is affected.

💻 Affected Systems

Products:
  • GNOME GLib
  • Applications using GLib XML parsing
Versions: GLib versions before 2.56.2
Operating Systems: Linux, Unix-like systems, any OS running GLib applications
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing XML with g_markup_parse_context_end_parse() after certain error conditions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise if combined with other vulnerabilities or memory corruption techniques.

🟠 Likely Case

Application crash (denial of service) when processing malicious XML input.

🟢 If Mitigated

Limited to denial of service if proper input validation and sandboxing are implemented.

🌐 Internet-Facing: MEDIUM - Requires XML parsing of untrusted input, which may occur in web services or APIs.
🏢 Internal Only: LOW - Typically requires local access or specific XML processing scenarios.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof of concept demonstrates crash via NULL pointer dereference; weaponization for RCE would require additional exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: GLib 2.56.2 and later

Vendor Advisory: https://gitlab.gnome.org/GNOME/glib/issues/1364

Restart Required: Yes

Instructions:

1. Update GLib package using system package manager.
2. For Debian/Ubuntu: sudo apt update && sudo apt upgrade libglib2.0-0
3. For RHEL/CentOS: sudo yum update glib2
4. Restart affected applications or reboot system.

🔧 Temporary Workarounds

Disable XML parsing features

all

If possible, disable or restrict XML parsing functionality in applications using GLib.

Input validation

all

Implement strict input validation for XML data before passing to GLib parsing functions.

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems using vulnerable GLib versions
  • Deploy application-level firewalls to filter malicious XML payloads

🔍 How to Verify

Check if Vulnerable:

Check GLib version: dpkg -l libglib2.0-0 | grep ^ii or rpm -q glib2

Check Version:

pkg-config --modversion glib-2.0

Verify Fix Applied:

Verify version is 2.56.2 or higher: pkg-config --modversion glib-2.0
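
The version check above as a script, added here as an example and not taken from the advisory or the GLib project: it compares dotted versions component by component, so 2.56.10 sorts after 2.56.2 and 2.6.0 before it. The function names version_ge, glib_status and installed_glib_version are hypothetical, and the sample versions in the loop are constructed.

```sh
#!/bin/sh
# Added example: classify a GLib version against the fixed release.
# FIXED_VERSION is the patch version stated on this page.
FIXED_VERSION="2.56.2"

# version_ge A B: succeed when dotted version A >= B, comparing each
# component numerically (a plain string compare would get 2.56.10 wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}          # a missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# glib_status VERSION: print "patched", "vulnerable" or "unknown".
glib_status() {
    case $1 in
        ''|*[!0-9.]*) echo unknown; return 0 ;;   # empty or distro suffix
    esac
    if version_ge "$1" "$FIXED_VERSION"; then
        echo patched
    else
        echo vulnerable
    fi
}

# installed_glib_version: print what pkg-config reports, or nothing when
# pkg-config or the glib-2.0 metadata is not available on this host.
installed_glib_version() {
    command -v pkg-config >/dev/null 2>&1 || return 0
    pkg-config --modversion glib-2.0 2>/dev/null || true
}

# Constructed sample versions, followed by the local installation.
for v in 2.56.1 2.56.2 2.56.10 2.6.0 2.58.0; do
    printf '%s %s\n' "$v" "$(glib_status "$v")"
done
printf 'installed: %s\n' "$(glib_status "$(installed_glib_version)")"
```

pkg-config --modversion reads the installed glib-2.0.pc file, so it needs the GLib development files to be present. Distribution packages may also carry a backported fix under an older upstream version number, so confirm a "vulnerable" result against the distribution's own package changelog.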

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • GLib error messages related to XML parsing

Network Indicators:

  • Unusual XML payloads sent to services
  • Repeated connection attempts with malformed data

SIEM Query:

source="application.log" AND ("segmentation fault" OR "NULL pointer" OR "g_markup")
