Date: Tue, 17 May 2016 17:16:17 -0300 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Cc: sebastian@...ping.org, karl@...lawek.net Subject: CVE-2016-0718: Expat XML Parser Crashes on Malformed Input CVE-2016-0718: Expat XML Parser Crashes on Malformed Input Severity: Critical Versions Affected: All Expat XML Parser library versions Description: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Mitigation: Applications that are using Expat should apply the attached patch as soon as possible. Credit: this issue was reported by Gustavo Grieco and patched by: * Pascal Cuoq * Christian Heimes * Karl Waclawek * Gustavo Grieco * Sebastian Pipping View attachment "CVE-2016-0718-v2-2-1.patch" of type "text/x-patch" (26435 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ