oss-sec mailing list archives
Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode
From: cve-assign () mitre org
Date: Wed, 4 May 2016 01:33:55 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
We found an out-of-bounds read parsing a specially crafted xml in libxml2 if recover mode is used.
xmllint -recover
AddressSanitizer: heap-buffer-overflow ... READ of size 1
in xmlBufAttrSerializeTxtContent at xmlsave.c:2057
Use CVE-2016-4483 for this buffer over-read issue. (As far as we can tell, xmlsave.c is not specific to the xmllint program, e.g., libxml2_la_SOURCES = SAX.c entities.c encoding.c error.c parserInternals.c \ ... xmlwriter.c legacy.c chvalid.c pattern.c xmlsave.c \ in the Makefile.in file.) - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXKYjwAAoJEHb/MwWLVhi2XyQP/0HHmJWg4qK6CZ3MP51QXnpN moUDMdEST1oGlOSjfQcZ0i/i3yesk0qqfG2V1E+uH0Yu5FS78ud2mc+5/SZnjFzj RO71qkIUN8vrXSJRJ2CZrySAa6Z3VM5P3NZQHq1pZ/BF2fzwgFATwLb+476+BDOu tAIFMhWVH4TQ3YtG5dGrgDjCPK2LJCFockvvtjsYElfZQkTDKapk8/JjbZxmMcFY QPvM4YqCXrJ6i+LCO+LERFW51xZso6o32HqeeizfuT5Q+XTfx1Kd+t/VasVcGp77 k8AqhNJSNFnDFUCmN+fQN093q7GQQG80spKwYSOXfP9ZGb7g/jP5IRv1kbmtdDof eKKA2gQr7XMiGlqMxEUPFkVXYcX37oH1BMcjS7erw6+zE+EI6seW+6gWxK8Ke/Hg ycklozYz9ZsvrqS2cfR5kdG5EmNvgatYQ3pivZmjfp3V4W+dwXTxeNh4oiEF3YJv mhgdi3WqeH0z8ibyU75GVeZh3WHbcB4yNlyqeNOOcosvy6O2DNlA4LDqK7ouriGF AB0t+sy289WdDKHIPRVwTMlZkNaqtiuR5MUVKeYHH6y+qiqwdv4y69y5opBd+caP 2rAYNJx8e/lbBF6EvXVfQZdgzfLP644tv7+rsJwi5K7J0Nbvn6rkI6/nQIDRKNKe sNb0SV4CM2Tym0y40PGq =meeO -----END PGP SIGNATURE-----
Current thread:
- CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode Gustavo Grieco (May 03)
- Re: CVE request: out-of-bounds read parsing an XML in libxml2 using recover mode cve-assign (May 03)