Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 21 Mar 2016 17:44:46 +0000
From: "Murphy, Grant" <>
To: "" <>,
	"" <>
CC: "" <>
Subject: Re: Re: CVE request: Stack exhaustion in libxml2
 parsing xml files in recover mode

On 3/21/16, 7:58 AM, "" <> wrote:

>Hash: SHA256
>> gdb --args xmllint --recover no-recover.xml
>> Program received signal SIGSEGV, Segmentation fault.
>> _int_malloc (av=0x7ffff7826760 <main_arena>, bytes=2) at malloc.c:3302
>Use CVE-2016-3627.
>> It was reported to the libxml2 bug tracker some
>> time ago but the maintainers are quite busy, so they haven't fixed it.
>It's typically useful to mention the bug number even if it isn't
>currently a public bug, in case correlation is needed later.

Looks like it was reported here:

>- -- 
>CVE Assignment Team
>M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
>[ A PGP key is available for encrypted communications at
> ]
>Version: GnuPG v1

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ