https://bugzilla.redhat.com/show_bug.cgi?id=1262849
Bug ID: 1262849 Summary: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@redhat.com Reporter: amaris@redhat.com CC: athmanem@gmail.com, c.david86@gmail.com, drizt@land.ru, erik-fedora@vanpienbroek.nl, fedora-mingw@lists.fedoraproject.org, ktietz@redhat.com, lfarkas@lfarkas.org, ohudlick@redhat.com, rjones@redhat.com, veillard@redhat.com
Out-of-bounds memory access vulnerability when parsing unclosed HTMl comment was found in libxml2. By entering a unclosed html comment such as <!-- the libxml2 parser didn't stop parsing at the end of the buffer, causing random memory to be included in the parsed comment.
CVE request:
http://seclists.org/oss-sec/2015/q3/540
Upstream was notified, but patch is not released yet. However, a patch for nokogiri, which uses embedded libxml2, was proposed:
https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998e...