Bug 1319829 (CVE-2016-3627) - CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode
Summary: CVE-2016-3627 libxml2: stack exhaustion while parsing xml files in recovery mode
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-3627
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20160321,repor...
Depends On: 1319832 1319830 1319831 1340367 1340369 1340370 1340371
Blocks: 1332827 1395463
TreeView+ depends on / blocked
 
Reported: 2016-03-21 15:47 UTC by Andrej Nemec
Modified: 2019-06-11 11:13 UTC (History)
22 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Missing recursive loop detection checks were found in the xmlParserEntityCheck() and xmlStringGetNodeList() functions of libxml2, causing application using the library to crash by stack exhaustion while building the associated data. An attacker able to send XML data to be parsed in recovery mode could launch a Denial of Service on the application.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:50:01 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:1292 normal SHIPPED_LIVE Important: libxml2 security update 2016-07-18 17:29:39 UTC
Red Hat Product Errata RHSA-2016:2957 normal SHIPPED_LIVE Important: Red Hat JBoss Core Services Apache HTTP 2.4.23 Release 2016-12-16 03:11:19 UTC

Description Andrej Nemec 2016-03-21 15:47:44 UTC
A vulnerability was found in a way libxml2 parses certain files. With the libxml2 in recovery mode, a maliciously crafted filed could cause libxml2 to crash.

References:

http://seclists.org/oss-sec/2016/q1/682

CVE assignment:

http://seclists.org/oss-sec/2016/q1/683

Comment 1 Andrej Nemec 2016-03-21 15:48:20 UTC
Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1319830]

Comment 2 Andrej Nemec 2016-03-21 15:48:26 UTC
Created mingw-libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1319831]
Affects: epel-7 [bug 1319832]

Comment 6 Daniel Veillard 2016-06-06 14:32:54 UTC
*** Bug 1332820 has been marked as a duplicate of this bug. ***

Comment 7 errata-xmlrpc 2016-06-23 10:32:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2016:1292 https://access.redhat.com/errata/RHSA-2016:1292

Comment 8 errata-xmlrpc 2016-12-15 22:16:49 UTC
This issue has been addressed in the following products:



Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html


Note You need to log in before you can comment on or make changes to this bug.