Re: [xml] Research about vulnerabilities



On 29/10/2019 14:30, Raphael de Carvalho Muniz wrote:
> I found in the commit history of Libxml2 (commit 9acef28) the presence of the following code snippet in the libxml.c file (Lines 1,597 - 1,612).

More specifically python/libxml.c which is part of the Python bindings.

> I believe that this commit presents a weakness that, if format strings can be influenced by an attacker, they can be exploited.

libxml_buildMessage is only called from error handlers which should never
receive format strings from an external source.
You can't just pick a function that calls printf with a variable format string
and assume that it's vulnerable. It depends on how the function is called and
which format strings it receives.
Nick
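
The distinction drawn in the reply above, as an added example that is not part of the original message and is not libxml2's code: one wrapper that forwards a variable format string to vsnprintf(), reached from two different call sites. The names build_message, report_as_data and report_as_format and the sample input are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a message builder that forwards a caller-supplied
 * format string to vsnprintf(); it is not the libxml2 function.
 * Declaring it with __attribute__((format(printf, 3, 4))) would let GCC and
 * Clang check every call site; -Wformat-security then flags call site B. */
static int build_message(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);   /* fmt is a variable here either way */
    va_end(ap);
    return n;                             /* length vsnprintf reports */
}

/* Call site A: the format is a constant; external text is only an argument. */
static int report_as_data(char *out, size_t outsz, const char *external)
{
    return build_message(out, outsz, "parser error: %s", external);
}

/* Call site B: external text becomes the format string itself, so every '%'
 * in it is interpreted as a conversion specification. */
static int report_as_format(char *out, size_t outsz, const char *external)
{
    return build_message(out, outsz, external);
}

/* Constructed sample input. "%%" consumes no argument, so both calls are
 * well defined and only show the difference in interpretation. */
static const char SAMPLE[] = "100%% of input";

int main(void)
{
    char a[64], b[64];

    report_as_data(a, sizeof a, SAMPLE);
    report_as_format(b, sizeof b, SAMPLE);
    printf("A: %s\nB: %s\n", a, b);
    return 0;
}
```

The wrapper is identical in both cases; auditing it means tracing where each caller's format argument originates.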

