Re: [xml] Research about vulnerabilities
- From: Nick Wellnhofer <wellnhofer aevum de>
- To: Raphael de Carvalho Muniz <raphael copin ufcg edu br>, xml gnome org
- Subject: Re: [xml] Research about vulnerabilities
- Date: Tue, 29 Oct 2019 14:59:27 +0100
On 29/10/2019 14:30, Raphael de Carvalho Muniz wrote:
I found in the commit history of Libxml2 (commit 9acef28) the presence of the
following code snippet in the libxml.c file (Lines 1,597 - 1,612).
More specifically python/libxml.c which is part of the Python bindings.
I believe
that this commit presents a weakness that, If format strings can be influenced
by an attacker, they can be exploited.
libxml_buildMessage is only called from error handlers which should never
receive format strings from an external source.
You can't just pick a function that calls printf with a variable format string
and assume that it's vulnerable. It depends on how the function is called and
which format strings it receives.
Nick
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
