oss-sec mailing list archives
Re: Libxml2: Several out of bounds reads
From: cve-assign () mitre org
Date: Sun, 22 Nov 2015 13:40:00 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html
As far as we can tell, what you mean is that:

- http://www.xmlsoft.org/news.html mentions 10 CVE IDs
- the descriptions of those CVE IDs seem largely unrelated to either 751603 or 751631
- also, there is discussion in 751631 about possibly not having a CVE ID
- the cve-assign () mitre org address was on your Cc line and thus your own preference is for your research to have a CVE mapping when possible.
A malformed XML file can cause a heap out of bounds read access in the function xmlParseXMLDecl.
xmlParseXMLDecl: out of bounds heap access if versionencoding="es and any UTF-8 got
https://bugzilla.gnome.org/show_bug.cgi?id=751603
https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c
A second, very similar issue in the same function xmlParseXMLDecl.
xmlParseXMLDecl: out of bounds heap read on 0xff char in xml declaration
https://bugzilla.gnome.org/show_bug.cgi?id=751631
https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e
Use CVE-2015-8317 for both 751603 and 751631.
A malformed XML file can cause a global out of bounds read access in the function xmlNextChar. This only affected the git code and was never an issue in any release version. Upstream bug #751643
In the case of a widely used library, a vulnerability in git code, without an affected upstream release, can sometimes have a CVE ID. However, it would be necessary to establish that a product used the vulnerable code. For example, at least in the past, one of the principal libxml2 users was Chrome. At present, it seems that Chromium is using parserInternals.c from 2.9.2, not from unreleased git code (download https://chromium.googlesource.com/chromium/src/+/master/third_party/libxml/src/parserInternals.c?format=TEXT and then base64 decode that and compare it to the 2.9.2 file). Our guess is that it is unlikely that this specific xmlNextChar vulnerability affected a product; we are not planning to research this, but other people can research it if they wish. There is currently no CVE ID for 751643.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWUgt2AAoJEL54rhJi8gl52L8P/2RdsX8z7Nhp2S3GVWWZddNL
2YVKRFdxwqHfa1oMiqL8vVXnHTsBCdpjTdhsX6ORK5LhZQFLaqUsBSe8NRkoUoYq
B34M2GYVTH6HLAPzij5018F03g/EWwQCwJcBSThwqViIAZ0zSmIhY6AHZEk9jfsd
rdvepctBbIMIqLArKCopnEmsHqtaEHWqHRHjgQ/8is7PbCms2rpXZz5UbSCw1yMu
L5970e+8qCtoe/Enrvt27UX01LinZixqEKnSXl9muP+dDiHknefWgAtdIQwTtuAQ
5uuxUPznirOn0zmUsRUlf4jSgVwY1bIX2hWwsOGYp2ZYE70MrRZnlKM4GOWJr4NE
bhLgR2VCvLE53o+1YgJpa/yUEiOs9Ha/h+OqulrmmXvWM9fprfuHypqKyduQO7EX
Ry4CwyiM88Ua3CLq4vFr8nlQ03wdOkmbQ7ZeCYKeCLZcuCMwpSg4ZxR06to1K98z
+cps1tAWLl7/jzBDt6nGRsNx8vh6yqVPC02Slygbvy31/0lDcTjcNvRDf19ZEJ4w
d0lKwbj640HFwXNdGLWnDTmr0ARjLwSetHlj3ypwYkPulyrukGrIvGFjxcgFNYue
6uQSKsNa5zLr3q9eVshVcR02MYDsLlWBZEiATZXjZdxjotGacwXH3cLaCm31M9JN
LlN6eSzFCq0Q+TXc0t9b
=pJGl
-----END PGP SIGNATURE-----
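The two xmlParseXMLDecl reports quoted in this thread (an unterminated encoding value such as encoding="es, and a 0xff byte inside the XML declaration) are both out-of-bounds heap reads triggered by malformed input. The C parser below is an added illustration and is not libxml2's code, nor a reconstruction of the fixes in the commits linked above; it shows the defensive pattern that rules out this bug class, namely a length-bounded cursor whose look-ahead returns "no such byte" instead of dereferencing memory past the buffer, so that both malformed inputs come back as error statuses. The type and function names (struct cursor, struct xmldecl, parse_xml_decl, the XMLDECL_* status values) and the sample declarations are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Every failure is a status code, never a read past the end of the buffer. */
enum xmldecl_status {
    XMLDECL_OK = 0,
    XMLDECL_NOT_A_DECL,   /* does not begin with "<?xml" plus whitespace */
    XMLDECL_TRUNCATED,    /* input ends inside the declaration, e.g. encoding="es */
    XMLDECL_INVALID_BYTE, /* control or non-ASCII byte such as 0xff inside a value */
    XMLDECL_SYNTAX        /* complete but malformed */
};

struct xmldecl { char version[16]; char encoding[32]; int has_encoding; };

/* Cursor over a buffer that need not be NUL-terminated; invariant pos <= len. */
struct cursor { const unsigned char *buf; size_t len, pos; };

/* Bounded look-ahead: -1 means "no such byte", so no caller can be tricked
 * into dereferencing memory beyond len. */
static int peek(const struct cursor *c, size_t n)
{
    return n < c->len - c->pos ? c->buf[c->pos + n] : -1;
}

static int skip_ws(struct cursor *c)
{
    int n = 0, ch;
    while ((ch = peek(c, 0)) == ' ' || ch == '\t' || ch == '\n' || ch == '\r')
        c->pos++, n++;
    return n;
}

/* Consume a literal, telling "wrong bytes" apart from "ran out of bytes". */
static enum xmldecl_status expect(struct cursor *c, const char *lit)
{
    size_t n = strlen(lit), avail = c->len - c->pos, k = avail < n ? avail : n;
    if (memcmp(c->buf + c->pos, lit, k) != 0) return XMLDECL_SYNTAX;
    if (avail < n) return XMLDECL_TRUNCATED;
    c->pos += n;
    return XMLDECL_OK;
}

/* Copy a quoted value. The XML declaration is ASCII by definition, so any
 * byte >= 0x80 is rejected instead of being decoded as a multi-byte char. */
static enum xmldecl_status parse_quoted(struct cursor *c, char *out, size_t outsz)
{
    int quote = peek(c, 0), ch;
    size_t n = 0;
    if (quote < 0) return XMLDECL_TRUNCATED;
    if (quote != '"' && quote != '\'') return XMLDECL_SYNTAX;
    c->pos++;
    while ((ch = peek(c, 0)) != quote) {
        if (ch < 0) return XMLDECL_TRUNCATED;          /* unterminated value: stop here */
        if (ch < 0x20 || ch >= 0x80) return XMLDECL_INVALID_BYTE;
        if (n + 1 >= outsz) return XMLDECL_SYNTAX;     /* longer than any value we accept */
        out[n++] = (char)ch;
        c->pos++;
    }
    out[n] = '\0';
    c->pos++;                                          /* closing quote */
    return XMLDECL_OK;
}

/* name = "value", with optional whitespace around the '=' */
static enum xmldecl_status pseudo_attr(struct cursor *c, const char *name,
                                       char *out, size_t outsz)
{
    enum xmldecl_status st = expect(c, name);
    if (st != XMLDECL_OK) return st;
    skip_ws(c);
    if ((st = expect(c, "=")) != XMLDECL_OK) return st;
    skip_ws(c);
    return parse_quoted(c, out, outsz);
}

/* Parse <?xml version="..." [encoding="..."] ?> from exactly buf[0..len). */
enum xmldecl_status parse_xml_decl(const unsigned char *buf, size_t len,
                                   struct xmldecl *out)
{
    struct cursor c = { buf, len, 0 };
    enum xmldecl_status st;
    memset(out, 0, sizeof *out);
    st = expect(&c, "<?xml");
    if (st != XMLDECL_OK) return st == XMLDECL_SYNTAX ? XMLDECL_NOT_A_DECL : st;
    if (skip_ws(&c) == 0) return peek(&c, 0) < 0 ? XMLDECL_TRUNCATED : XMLDECL_NOT_A_DECL;
    st = pseudo_attr(&c, "version", out->version, sizeof out->version);
    if (st != XMLDECL_OK) return st;
    if (skip_ws(&c) && peek(&c, 0) == 'e') {
        st = pseudo_attr(&c, "encoding", out->encoding, sizeof out->encoding);
        if (st != XMLDECL_OK) return st;
        out->has_encoding = 1;
        skip_ws(&c);
    }
    return expect(&c, "?>");
}

int main(void)
{
    /* Constructed sample: the unterminated encoding value from the report. */
    const char *s = "<?xml version=\"1.0\" encoding=\"es";
    struct xmldecl d;
    printf("status %d\n", (int)parse_xml_decl((const unsigned char *)s, strlen(s), &d));
    return 0;
}
```

The parser only ever trusts the explicit len; it never scans for a NUL terminator, so a declaration cut off by the end of a network read or a file is reported as XMLDECL_TRUNCATED and a stray 0xff byte as XMLDECL_INVALID_BYTE. Feeding the same function from a fuzzing harness under ASan is the quickest way to confirm that no input can move the cursor past len.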
Current thread:
- Libxml2: Several out of bounds reads Hanno Böck (Nov 21)
- Re: Libxml2: Several out of bounds reads cve-assign (Nov 22)