[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] Re: CVE request: Stack exhaustion in libxml2 parsing xml files in recover mode
From:       "Murphy, Grant" <grant.murphy () hpe ! com>
Date:       2016-03-21 17:44:46
Message-ID: D31580E7.2725E%grant.murphy () hpe ! com
[Download RAW message or body]

On 3/21/16, 7:58 AM, "cve-assign@mitre.org" <cve-assign@mitre.org> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>> gdb --args xmllint --recover no-recover.xml
>
>> Program received signal SIGSEGV, Segmentation fault.
>> _int_malloc (av=0x7ffff7826760 <main_arena>, bytes=2) at malloc.c:3302
>
>Use CVE-2016-3627.
>
>> It was reported to the libxml2 bug tracker some
>> time ago but the maintainers are quite busy, so they haven't fixed it.
>
>It's typically useful to mention the bug number even if it isn't
>currently a public bug, in case correlation is needed later.

Looks like it was reported here:
https://bugzilla.gnome.org/show_bug.cgi?id=762100

>
>- -- 
>CVE Assignment Team
>M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
>[ A PGP key is available for encrypted communications at
>  http://cve.mitre.org/cve/request_id.html ]
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1
>
>iQIcBAEBCAAGBQJW8AsWAAoJEL54rhJi8gl58g4P/i/POnAJzcVBHPdk0svtHKl+
>+510uhal1JlA6r3y3AiDnqsaRM5TMzuzYs+0l9EA8ydM9nx0UMAOkA/1tHVl48P1
>cJcMMoHj/dv/pBBsAaSuJEr2VttXOn4gCuhhVOJQBc1g4sMYUNEdsn3dJ9HbyI6W
>sL2fkuGxXCMTl5at94lLJI+Hij8t+VrDSmS+0e+W7AvL4uDuyYH6b4Bcp4BmlX8l
>m52hCy9Y72MoSHeituWXLZZ75EIWdwy8ftTmjxpO08ZPR2YjUIiwDYBZKvfWCpFt
>aQc/FJrvygTbXtfvT6WUli8qrz1Q2EzYV5c1/jGSfh+0YaNJkvDdLsRlCE0qMm4L
>TnoZmD2boumgRmCLAwmqQrkCZeSh6I8ET/I6NHhor8f0LXEuVGOjjN1IJCJ2wRT7
>QGp7iejweiDoL1EioQg2pZij4BmG8jxy4XtJRZUBtJzt8yYfIP//z5Lm+3MwO7Uq
>UCscXaI0xpLAP4WW/kQTij9wVBnByu61USK7z96dytNcxYqmQhFhaBbUcT3phqwe
>JhwGxCONz1wDJG028cXD/r1DX/s/3dHLKWbSrg6zjETaBNTkuIgQBO6SJ9tPcRht
>/7T/LPgsNvuqydPksZWan1ytstfOhEDrl2pexJBgnwpt6QlsZnKtIScHDn3PNBND
>rpeM6ZE03EVFPNQRk0sK
>=1y/J
>-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic