Bug 1348845 (CVE-2016-4463) - CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
Summary: CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD
Status: CLOSED ERRATA
Alias: CVE-2016-4463
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20160629,repor...
Keywords: Reopened, Security
Depends On: 1351467 1351468 1351469 1534481 1534482 1631343 1631344
Blocks: 1348850
TreeView+ depends on / blocked
 
Reported: 2016-06-22 08:21 UTC by Adam Mariš
Modified: 2019-06-08 21:17 UTC (History)
21 users (show)

(edit)
A stack exhaustion flaw was found in the way Xerces-C XML parser handled deeply nested DTDs. An attacker could potentially use this flaw to crash an application using Xerces-C by tricking it into processing specially crafted data.
Clone Of:
(edit)
Last Closed: 2018-11-07 07:54:03 UTC


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3335 None None None 2018-10-30 08:00 UTC
Red Hat Product Errata RHSA-2018:3506 None None None 2018-11-06 15:47 UTC
Red Hat Product Errata RHSA-2018:3514 None None None 2018-11-06 16:18 UTC

Description Adam Mariš 2016-06-22 08:21:05 UTC
The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker.

Upstream patch:

http://svn.apache.org/viewvc?view=revision&revision=1747619

Upstream bugs:

https://issues.apache.org/jira/browse/XERCESC-2066
https://issues.apache.org/jira/browse/XERCESC-2069

In addition, a related enhancement was made to enable applications to fully disable DTD processing through the use of an environment variable.

http://svn.apache.org/viewvc?view=revision&revision=1747620

External References:

http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt

Comment 1 Andrej Nemec 2016-06-30 07:17:46 UTC
Created mingw-xerces-c tracking bugs for this issue:

Affects: fedora-all [bug 1351468]

Comment 2 Andrej Nemec 2016-06-30 07:17:56 UTC
Created xerces-c tracking bugs for this issue:

Affects: fedora-all [bug 1351467]

Comment 3 Andrej Nemec 2016-06-30 07:18:04 UTC
Created xerces-c27 tracking bugs for this issue:

Affects: fedora-all [bug 1351469]

Comment 4 Andrej Nemec 2016-06-30 07:18:49 UTC
Public via:

http://seclists.org/oss-sec/2016/q2/625

Comment 5 Fedora Update System 2016-07-02 15:23:28 UTC
xerces-c-3.1.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2016-07-05 04:57:33 UTC
mingw-xerces-c-3.1.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2016-07-06 05:50:53 UTC
mingw-xerces-c-3.1.4-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2016-07-06 05:51:42 UTC
xerces-c-3.1.4-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2016-07-06 05:54:19 UTC
mingw-xerces-c-3.1.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2016-07-06 05:55:00 UTC
xerces-c-3.1.4-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 14 Dhiru Kholia 2018-01-10 16:32:35 UTC
Statement:

Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ and Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 28 errata-xmlrpc 2018-10-30 07:59:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3335 https://access.redhat.com/errata/RHSA-2018:3335

Comment 29 errata-xmlrpc 2018-11-06 15:47:48 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.5 Extended Update Support

Via RHSA-2018:3506 https://access.redhat.com/errata/RHSA-2018:3506

Comment 30 errata-xmlrpc 2018-11-06 16:18:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7.4 Extended Update Support

Via RHSA-2018:3514 https://access.redhat.com/errata/RHSA-2018:3514


Note You need to log in before you can comment on or make changes to this bug.