Date: Sun, 13 Sep 2015 14:32:21 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: libxml2 issue: out-of-bounds memory access when parsing an unclosed HTML comment

Hi MITRE CVE assignment team,

On Sun, Apr 19, 2015 at 10:11:58AM -0700, Reed Loden wrote:
> (saw this randomly today on Twitter, so figured I'd send it on to make sure
> it gets a CVE and actually gets fixed)
>
> https://hackerone.com/reports/57125#activity-384861
>
> """
> This is an out-of-bounds memory access in libxml2. By entering an unclosed
> html comment such as <!-- the libxml2 parser didn't stop parsing at the end
> of the buffer, causing random memory to be included in the parsed comment
> that was returned to ruby. In Shopify, this caused ruby objects from
> previous http requests to be disclosed in the rendered page.
>
> Link to the issue in libxml2's bugtracker:
> https://bugzilla.gnome.org/show_bug.cgi?id=746048
>
> A patched version of nokogiri (which uses an embedded libxml2) is available
> here:
> https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998e86ade8c0...master
>
> This bug is still not patched upstream, but both libxml2 and nokogiri
> developers are aware of the issue.
> """

TTBOMK, this as well as http://www.openwall.com/lists/oss-security/2015/04/19/5 has a pending CVE assignment request. Can you assign CVEs for them, or do both actually not warrant a CVE id assignment?

Regards and thanks for all your work,
Salvatore
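The bug class described in the quoted report (a comment scanner that keeps looking for "-->" past the end of the supplied buffer, so whatever stale bytes happen to follow end up in the parsed comment) can be illustrated with a small constructed scanner. The following is an added example, not libxml2's or nokogiri's code and not taken from the report or the Bugzilla entry; the function names, the "ARENA" buffer and the "SECRET" bytes standing in for data left over from an earlier request are all constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

/*
 * Constructed illustration (not libxml2 code). Both functions are handed a
 * pointer just past "<!--" and return the number of comment-body bytes before
 * "-->", or -1 if no terminator was found.
 */

/* Unbounded variant: the only stop conditions are "-->" or a NUL byte. The
 * caller's length is ignored, so the scan happily runs into whatever memory
 * follows the buffer that was actually handed over. */
static long scan_comment_unbounded(const char *p) {
    const char *q = p;
    while (*q != '\0') {
        if (q[0] == '-' && q[1] == '-' && q[2] == '>')
            return (long)(q - p);
        q++;
    }
    return -1;
}

/* Bounded variant: never reads at or beyond p + len. An unterminated comment
 * is reported as an error (-1) instead of being "completed" from stale bytes. */
static long scan_comment_bounded(const char *p, size_t len) {
    for (size_t i = 0; i + 2 < len; i++) {
        if (p[i] == '-' && p[i + 1] == '-' && p[i + 2] == '>')
            return (long)i;
    }
    return -1;
}

/* Constructed arena: the caller only passes the first DECLARED_LEN bytes
 * ("<!-- hello"), but the memory right after them still holds "SECRET-->"
 * from an earlier use of the buffer, plus zero padding. */
static const char ARENA[64] = "<!-- helloSECRET-->";
#define DECLARED_LEN 10   /* strlen("<!-- hello") */
#define BODY_START   4    /* strlen("<!--") */

/* Returns 12: " helloSECRET" was accepted as the comment body, i.e. six
 * bytes beyond the declared input were leaked into the parse result. */
long demo_unbounded_body_len(void) {
    return scan_comment_unbounded(ARENA + BODY_START);
}

/* Returns -1: within the six declared body bytes there is no "-->", so the
 * comment is rejected as unterminated and nothing past the buffer is read. */
long demo_bounded_body_len(void) {
    return scan_comment_bounded(ARENA + BODY_START, DECLARED_LEN - BODY_START);
}

int main(void) {
    long u = demo_unbounded_body_len();
    long b = demo_bounded_body_len();
    printf("unbounded scan: body length %ld -> \"%.*s\"\n", u, (int)u, ARENA + BODY_START);
    printf("bounded scan:   body length %ld (unterminated comment, error)\n", b);
    return 0;
}
```

The defensive property to look for in any such scanner is the `i + 2 < len` style bound on every lookahead: the terminator check must be limited by the caller's length, not by a NUL or by the terminator itself, and an input that ends inside a comment must surface as a parse error rather than as a comment whose body came from memory the caller never supplied.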