1619875 – (CVE-2018-14567) CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression

Bug 1619875 (CVE-2018-14567) - CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression

Summary: CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection dur...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2018-14567
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1619878 1619879 1619880 1619881 1622715
Blocks:	1619882
TreeView+	depends on / blocked

Reported:	2018-08-22 01:47 UTC by Sam Fowler
Modified:	2021-02-16 23:10 UTC (History)
CC List:	29 users (show)
Fixed In Version:	libxml2 2.9.7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-31 22:33:08 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2020:1190	0	None	None	None	2020-03-31 19:33:37 UTC

Description Sam Fowler 2018-08-22 01:47:36 UTC

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.


Upstream Patch:

https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74

Comment 1 Sam Fowler 2018-08-22 01:50:18 UTC

Created libxml2 tracking bugs for this issue:

Affects: fedora-all [bug 1619878]


Created mingw-libxml2 tracking bugs for this issue:

Affects: epel-7 [bug 1619880]
Affects: fedora-all [bug 1619879]

Comment 4 Scott Gayou 2018-08-27 19:38:30 UTC

RHEL5/6 use a libxml2 version released before it had LZMA support.

Comment 7 Doran Moppert 2018-08-31 05:28:22 UTC

Statement:

Red Hat Product Security has rated this flaw as having Low impact. A future update may address this issue.

Comment 8 Doran Moppert 2019-04-03 02:49:25 UTC

This was introduced in upstream version 2.9.6 via the following commit:

https://gitlab.gnome.org/GNOME/libxml2/commit/e2a9122b8d

Comment 9 errata-xmlrpc 2020-03-31 19:33:34 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:1190 https://access.redhat.com/errata/RHSA-2020:1190

Comment 10 Product Security DevOps Team 2020-03-31 22:33:08 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2018-14567

Note You need to log in before you can comment on or make changes to this bug.

abhgupta
athmanem
bmcclain
c.david86
csutherl
dbaker
dblechte
dfediuck
dking
dmoppert
eedri
erik-fedora
gzaronik
jclere
jokerman
ktietz
mbabacek
mgoldboi
michal.skrivanek
mturk
ohudlick
rh-spice-bugs
rjones
sbonazzo
sherold
sthangav
trankin
twalsh
veillard