Date: Sun, 22 Nov 2015 13:40:00 -0500 (EST) From: cve-assign@...re.org To: hanno@...eck.de Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: Libxml2: Several out of bounds reads -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > https://blog.fuzzing-project.org/28-Libxml2-Several-out-of-bounds-reads.html As far as we can tell, what you mean is that: - http://www.xmlsoft.org/news.html mentions 10 CVE IDs - the descriptions of those CVE IDs seem largely unrelated to either 751603 or 751631 - also, there is discussion in 751631 about possibly not having a CVE ID - the cve-assign@...re.org address was on your Cc line and thus your own preference is for your research to have a CVE mapping when possible. > A malformed XML file can cause a heap out of bounds read access in the > function xmlParseXMLDecl. > xmlParseXMLDecl: out of bounds heap access if versionencoding="es and any UTF-8 got > https://bugzilla.gnome.org/show_bug.cgi?id=751603 > https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c > A second, very similar issue in the same function xmlParseXMLDecl. > xmlParseXMLDecl: out of bounds heap read on 0xff char in xml declaration > https://bugzilla.gnome.org/show_bug.cgi?id=751631 > https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e Use CVE-2015-8317 for both 751603 and 751631. > A malformed XML file can cause a global out of bounds read access in > the function xmlNextChar. This only affected the git code and was never > an issue in any release version. Upstream bug #751643 In the case of a widely used library, a vulnerability in git code, without an affected upstream release, can sometimes have a CVE ID. However, it would be necessary to establish that a product used the vulnerable code. For example, at least in the past, one of the principal libxml2 users was Chrome. At present, it seems that Chromium is using parserInternals.c from 2.9.2, not from unreleased git code (download https://chromium.googlesource.com/chromium/src/+/master/third_party/libxml/src/parserInternals.c?format=TEXT and then base64 decode that and compare it to the 2.9.2 file). Our guess is that it is unlikely that this specific xmlNextChar vulnerability affected a product; we are not planning to research this, but other people can research it if they wish. There is currently no CVE ID for 751643. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWUgt2AAoJEL54rhJi8gl52L8P/2RdsX8z7Nhp2S3GVWWZddNL 2YVKRFdxwqHfa1oMiqL8vVXnHTsBCdpjTdhsX6ORK5LhZQFLaqUsBSe8NRkoUoYq B34M2GYVTH6HLAPzij5018F03g/EWwQCwJcBSThwqViIAZ0zSmIhY6AHZEk9jfsd rdvepctBbIMIqLArKCopnEmsHqtaEHWqHRHjgQ/8is7PbCms2rpXZz5UbSCw1yMu L5970e+8qCtoe/Enrvt27UX01LinZixqEKnSXl9muP+dDiHknefWgAtdIQwTtuAQ 5uuxUPznirOn0zmUsRUlf4jSgVwY1bIX2hWwsOGYp2ZYE70MrRZnlKM4GOWJr4NE bhLgR2VCvLE53o+1YgJpa/yUEiOs9Ha/h+OqulrmmXvWM9fprfuHypqKyduQO7EX Ry4CwyiM88Ua3CLq4vFr8nlQ03wdOkmbQ7ZeCYKeCLZcuCMwpSg4ZxR06to1K98z +cps1tAWLl7/jzBDt6nGRsNx8vh6yqVPC02Slygbvy31/0lDcTjcNvRDf19ZEJ4w d0lKwbj640HFwXNdGLWnDTmr0ARjLwSetHlj3ypwYkPulyrukGrIvGFjxcgFNYue 6uQSKsNa5zLr3q9eVshVcR02MYDsLlWBZEiATZXjZdxjotGacwXH3cLaCm31M9JN LlN6eSzFCq0Q+TXc0t9b =pJGl -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ