Date: Wed, 11 May 2016 22:44:13 +0200 From: Gustavo Grieco <gustavo.grieco@...il.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: CVE requested: two stack exhaustation parsing xml files using mxml 2016-05-10 1:25 GMT+02:00 <cve-assign@...re.org>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > >> We found two stack exhaustion conditions that can easily crash mxml >> when parsing an xml. > > (The two example XML documents seem dissimilar. For example, > stack-exhaustion-2.xml starts with "<?xml" whereas > stack-exhaustion-1.xml does not.) > > >> Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml) > > Use CVE-2016-4570. > > >> Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml) > > Use CVE-2016-4571. Thanks! The report of these stack exhaustions is here: http://www.msweet.org/bugs.php?U549 (but you need to register) Just to clarify, since we compiled testmxml with ASAN, in order to reproduce using the attached files in the original binary it is necessary to reduce a little the stack size, for instance: $ ulimit -s 4000 The stack exhaustations are still possible with the original testmxml binary, but it requires slightly bigger files.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ