oss-sec mailing list archives
Re: CVE requested: two stack exhaustation parsing xml files using mxml
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Wed, 11 May 2016 22:44:13 +0200
2016-05-10 1:25 GMT+02:00 <cve-assign () mitre org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256We found two stack exhaustion conditions that can easily crash mxml when parsing an xml.(The two example XML documents seem dissimilar. For example, stack-exhaustion-2.xml starts with "<?xml" whereas stack-exhaustion-1.xml does not.)Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)Use CVE-2016-4570.Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml)Use CVE-2016-4571.
Thanks! The report of these stack exhaustions is here: http://www.msweet.org/bugs.php?U549 (but you need to register) Just to clarify, since we compiled testmxml with ASAN, in order to reproduce using the attached files in the original binary it is necessary to reduce a little the stack size, for instance: $ ulimit -s 4000 The stack exhaustations are still possible with the original testmxml binary, but it requires slightly bigger files.
Current thread:
- CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 07)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 08)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml cve-assign (May 09)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 11)