oss-sec mailing list archives
Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function
From: cve-assign () mitre org
Date: Tue, 26 Jan 2016 12:49:12 -0500 (EST)
> HTMLparser.c line:2517 :
> return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> "ctxt->input->cur - len" cause Out-of-bounds Read.
> heap-buffer-overflow READ of size 1

Use CVE-2016-2073.

> From: Salvatore Bonaccorso
>
> While checking upstream bugzilla to see if that was reported I noticed
> https://bugzilla.gnome.org/show_bug.cgi?id=749115
> Does this have the same root cause?

The CVE-2016-2073 PoC is an '&' followed by three characters, one of which is a 0273 character. The PoC in 749115 has an unexpected character immediately after a "<!DOCTYPE html" substring. We feel that the CVE-2016-2073 report can have that unique ID on the basis of (at least) a different attack methodology. CVE assignment for 749115 is also possible unless 749115 already has a CVE ID.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
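
Added example, not part of the original message and not libxml2 code: a bounds check of the kind the quoted expression "ctxt->input->cur - len" needs before the resulting pointer is read. The struct, the function names and the mid-scan buffer compaction are assumptions constructed for illustration; the thread does not state the root cause.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a parser input window; not libxml2's own struct. */
struct input {
    unsigned char buf[32];
    unsigned char *base, *cur, *end;  /* first byte, read position, one past last */
};

static void input_init(struct input *in, const char *s)
{
    size_t n = strlen(s);
    if (n > sizeof in->buf) n = sizeof in->buf;
    memcpy(in->buf, s, n);
    in->base = in->cur = in->buf;
    in->end = in->buf + n;
}

/* Constructed scenario: discard already-consumed bytes, as a buffer refill might. */
static void input_compact(struct input *in)
{
    size_t left = (size_t)(in->end - in->cur);
    memmove(in->base, in->cur, left);
    in->cur = in->base;
    in->end = in->base + left;
}

/* Start of the `len` bytes just consumed, or NULL when cur - len would
 * fall before base (assumed failure mode for the reported expression). */
static const unsigned char *consumed_span(const struct input *in, size_t len)
{
    if (in->cur < in->base || in->cur > in->end)
        return NULL;
    if (len > (size_t)(in->cur - in->base))
        return NULL;
    return in->cur - len;
}

/* Scan up to ';' counting bytes; compact_at simulates a buffer change mid-name. */
static const unsigned char *scan_name(struct input *in, size_t compact_at, size_t *len)
{
    for (*len = 0; in->cur < in->end && *in->cur != ';'; ) {
        in->cur++;
        if (++*len == compact_at)
            input_compact(in);
    }
    return consumed_span(in, *len);
}
```

With no compaction the span is returned; when the buffer changes under a stale length counter, the check returns NULL instead of a pointer in front of the buffer.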