Re: [xml] Research about vulnerabilities

On 29/10/2019 14:30, Raphael de Carvalho Muniz wrote:
I found in the commit history of Libxml2 (commit 9acef28) the presence of the following code snippet in the libxml.c file (Lines 1,597 - 1,612).

More specifically python/libxml.c which is part of the Python bindings.

I believe that this commit presents a weakness that, If format strings can be influenced by an attacker, they can be exploited.

libxml_buildMessage is only called from error handlers which should never receive format strings from an external source.

You can't just pick a function that calls printf with a variable format string and assume that it's vulnerable. It depends on how the function is called and which format strings it receives.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]