List: oss-security
Subject: Re: [oss-security] Re: Out-of-bounds Read in the libxml2's htmlParseNameComplex() function
From: Salvatore Bonaccorso <carnil () debian ! org>
Date: 2016-01-26 20:34:28
Message-ID: 20160126203428.GA30775 () eldamar ! local
Hi,
On Tue, Jan 26, 2016 at 12:49:12PM -0500, cve-assign@mitre.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> > HTMLparser.c, line 2517:
> >
> > return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
> >
> > "ctxt->input->cur - len" causes an Out-of-bounds Read.
> >
> > heap-buffer-overflow
> > READ of size 1
>
> Use CVE-2016-2073.
>
>
> > From: Salvatore Bonaccorso
> >
> > While checking upstream bugzilla to see if that was reported I noticed
> >
> > https://bugzilla.gnome.org/show_bug.cgi?id=749115
> >
> > Does this have the same root cause?
>
> The CVE-2016-2073 PoC is an '&' followed by three characters, one of
> which is a 0273 character. The PoC in 749115 has an unexpected
> character immediately after a "<!DOCTYPE html" substring. We feel that
> the CVE-2016-2073 report can have that unique ID on the basis of (at
> least) a different attack methodology. CVE assignment for 749115 is
> also possible unless 749115 already has a CVE ID.
Thank you for the clarification. Can you assign an additional CVE for
the 749115 issue?
Regards,
Salvatore
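The out-of-bounds read quoted above arises from computing `ctxt->input->cur - len` with a `len` that the bytes actually in front of `cur` cannot back. The C program below is an added illustration, not code from libxml2 or from anyone in this thread; it models the parser input with a hypothetical `input_t` (base/cur/end only) and a constructed sample document, and shows the defensive check a lookup of that shape needs: compare `len` with the bytes consumed since `base` before subtracting it from `cur`, and refuse the lookup when the counter and the buffer disagree.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical parser input state; a stand-in for libxml2's xmlParserInput
 * (assumption: only base/cur/end are modelled here). */
typedef struct {
    const char *base;  /* first byte of the current buffer */
    const char *cur;   /* current read position */
    const char *end;   /* one past the last valid byte */
} input_t;

/* Constructed sample input (not from the report). */
static const char sample[] = "&amp; trailing";

static int is_name_char(char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-' || c == ':';
}

/* Does "cur - len" stay inside [base, cur]?  Compare offsets rather than
 * forming the pointer first, since a pointer before base is already UB. */
int name_start_in_bounds(const input_t *in, size_t len) {
    return in->cur >= in->base && len <= (size_t)(in->cur - in->base);
}

/* Bounded analogue of "look up the len bytes ending at cur": copies the
 * name into out and returns its length, or 0 when the read would start
 * before base (the out-of-bounds case) or the name would not fit. */
size_t lookup_name(const input_t *in, size_t len, char *out, size_t outsz) {
    if (len == 0 || len >= outsz || !name_start_in_bounds(in, len))
        return 0;
    memcpy(out, in->cur - len, len);
    out[len] = '\0';
    return len;
}

/* Scan name characters from in->cur, advancing cur and counting len as a
 * name parser does, then resolve the name through the checked lookup. */
size_t parse_name(input_t *in, char *out, size_t outsz) {
    size_t len = 0;
    while (in->cur < in->end && is_name_char(*in->cur)) {
        in->cur++;
        len++;
    }
    return lookup_name(in, len, out, outsz);
}

/* The shape of the bug, minus the bug: a length counter (5) that no longer
 * matches the bytes actually between base and cur (2).  The check returns
 * 0 instead of reading three bytes before the buffer. */
size_t stale_counter_case(char *out, size_t outsz) {
    input_t in = { sample, sample + 2, sample + sizeof(sample) - 1 };
    return lookup_name(&in, 5, out, outsz);
}

int main(void) {
    char out[32];
    input_t in = { sample + 1, sample + 1, sample + sizeof(sample) - 1 };
    size_t n = parse_name(&in, out, sizeof out);
    printf("parsed name '%s' (%zu bytes)\n", out, n);
    printf("stale counter lookup returned %zu\n",
           stale_counter_case(out, sizeof out));
    return 0;
}
```

The point of `name_start_in_bounds` is that the bound is derived from the buffer the lookup will actually read (`cur - base`), not from the counter accumulated while scanning; any code path that can leave those two out of step is exactly where an ASan "READ of size 1" before the heap block shows up.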