oss-sec mailing list archives
Re: CVE requested: two stack exhaustation parsing xml files using mxml
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Sun, 8 May 2016 17:36:10 +0200
Sorry, the title of the mails was "CVE requested", but it should be "CVE request". Please assign CVE if it is suitable. Thanks!

2016-05-07 23:40 GMT+02:00 Gustavo Grieco <gustavo.grieco () gmail com>:

Hi,

We found two stack exhaustion conditions that can easily crash mxml when parsing an xml. Both issues are affecting versions 2.7 and 2.9 (and probably others):

* Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)
* Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml)

Found using QuickFuzz + Radamsa. Reproducers are attached.

Regards,
Gustavo.
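The report above names recursion in a node-delete routine as one crash site. As an added example (not part of the original message and not mxml's code), the following contrasts a recursive tree delete with an iterative one that uses constant stack. It assumes recursion depth follows the nesting depth of the parsed document, which the report does not state; node_t, build_nested and both free functions are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical node type for this example; not mxml's own structure. */
typedef struct node { struct node *parent, *child, *next; } node_t;
static node_t *new_node(node_t *parent) {
    node_t *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->parent = parent;
    return n;
}

/* Constructed input: `depth` nested levels, each with one extra leaf sibling. */
node_t *build_nested(size_t depth) {
    node_t *root = new_node(NULL), *cur = root;
    for (size_t i = 1; i < depth; i++) {
        cur->child = new_node(cur);
        cur->child->next = new_node(cur);
        cur = cur->child;
    }
    return root;
}

/* Recursive delete: one stack frame per nesting level of the document. */
size_t free_tree_recursive(node_t *n) {
    size_t freed = 0;
    for (node_t *next; n; n = next) {
        next = n->next;
        freed += free_tree_recursive(n->child) + 1;
        free(n);
    }
    return freed;
}

/* Iterative delete: free leaves bottom-up via parent links, constant stack. */
size_t free_tree_iterative(node_t *root) {
    size_t freed = 0;
    for (node_t *n = root; n; ) {
        if (n->child) { n = n->child; continue; }   /* descend to a leaf */
        node_t *parent = (n == root) ? NULL : n->parent;
        if (parent) parent->child = n->next;        /* n is parent's first child */
        free(n);
        freed++;
        n = parent;
    }
    return freed;
}

int main(void) {
    printf("%zu %zu\n", free_tree_recursive(build_nested(100)),
           free_tree_iterative(build_nested(200000)));
    return 0;
}
```

A parser-side nesting limit is the complementary control: it bounds the depth that any later recursive walk (delete, write) has to handle.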