[Bug 1262849] New: libxml2: Out-of-bounds memory access when parsing unclosed HTMl comment

Mon Sep 14 13:31:07 UTC 2015

https://bugzilla.redhat.com/show_bug.cgi?id=1262849

            Bug ID: 1262849
           Summary: libxml2: Out-of-bounds memory access when parsing
                    unclosed HTMl comment
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: amaris at redhat.com
                CC: athmanem at gmail.com, c.david86 at gmail.com,
                    drizt at land.ru, erik-fedora at vanpienbroek.nl,
                    fedora-mingw at lists.fedoraproject.org,
                    ktietz at redhat.com, lfarkas at lfarkas.org,
                    ohudlick at redhat.com, rjones at redhat.com,
                    veillard at redhat.com

Out-of-bounds memory access vulnerability when parsing unclosed HTMl comment
was found in libxml2. By entering a unclosed html comment such as <!-- the
libxml2 parser didn't stop parsing at the end of the buffer, causing random
memory to be included in the parsed comment.

CVE request:

http://seclists.org/oss-sec/2015/q3/540

Upstream was notified, but patch is not released yet. However, a patch for
nokogiri, which uses embedded libxml2, was proposed:

https://github.com/Shopify/nokogiri/compare/1b1fcad8bd64ab70256666c38d2c998e86ade8c0...master

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ORcMh1DqE6&a=cc_unsubscribe