Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <D31580E7.2725E%grant.murphy@hpe.com>
Date: Mon, 21 Mar 2016 17:44:46 +0000
From: "Murphy, Grant" <grant.murphy@....com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
	"gustavo.grieco@...il.com" <gustavo.grieco@...il.com>
CC: "cve-assign@...re.org" <cve-assign@...re.org>
Subject: Re: Re: CVE request: Stack exhaustion in libxml2
 parsing xml files in recover mode

On 3/21/16, 7:58 AM, "cve-assign@...re.org" <cve-assign@...re.org> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA256
>
>> gdb --args xmllint --recover no-recover.xml
>
>> Program received signal SIGSEGV, Segmentation fault.
>> _int_malloc (av=0x7ffff7826760 <main_arena>, bytes=2) at malloc.c:3302
>
>Use CVE-2016-3627.
>
>> It was reported to the libxml2 bug tracker some
>> time ago but the maintainers are quite busy, so they haven't fixed it.
>
>It's typically useful to mention the bug number even if it isn't
>currently a public bug, in case correlation is needed later.

Looks like it was reported here:
https://bugzilla.gnome.org/show_bug.cgi?id=762100

>
>- -- 
>CVE Assignment Team
>M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
>[ A PGP key is available for encrypted communications at
>  http://cve.mitre.org/cve/request_id.html ]
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1
>
>iQIcBAEBCAAGBQJW8AsWAAoJEL54rhJi8gl58g4P/i/POnAJzcVBHPdk0svtHKl+
>+510uhal1JlA6r3y3AiDnqsaRM5TMzuzYs+0l9EA8ydM9nx0UMAOkA/1tHVl48P1
>cJcMMoHj/dv/pBBsAaSuJEr2VttXOn4gCuhhVOJQBc1g4sMYUNEdsn3dJ9HbyI6W
>sL2fkuGxXCMTl5at94lLJI+Hij8t+VrDSmS+0e+W7AvL4uDuyYH6b4Bcp4BmlX8l
>m52hCy9Y72MoSHeituWXLZZ75EIWdwy8ftTmjxpO08ZPR2YjUIiwDYBZKvfWCpFt
>aQc/FJrvygTbXtfvT6WUli8qrz1Q2EzYV5c1/jGSfh+0YaNJkvDdLsRlCE0qMm4L
>TnoZmD2boumgRmCLAwmqQrkCZeSh6I8ET/I6NHhor8f0LXEuVGOjjN1IJCJ2wRT7
>QGp7iejweiDoL1EioQg2pZij4BmG8jxy4XtJRZUBtJzt8yYfIP//z5Lm+3MwO7Uq
>UCscXaI0xpLAP4WW/kQTij9wVBnByu61USK7z96dytNcxYqmQhFhaBbUcT3phqwe
>JhwGxCONz1wDJG028cXD/r1DX/s/3dHLKWbSrg6zjETaBNTkuIgQBO6SJ9tPcRht
>/7T/LPgsNvuqydPksZWan1ytstfOhEDrl2pexJBgnwpt6QlsZnKtIScHDn3PNBND
>rpeM6ZE03EVFPNQRk0sK
>=1y/J
>-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.