979206 – (CVE-2016-4571) VUL-1: CVE-2016-4571: mxml: two stack exhaustation parsing xml files using mxml

Bug 979206 (CVE-2016-4571) - VUL-1: CVE-2016-4571: mxml: two stack exhaustation parsing xml files using mxml

Summary: VUL-1: CVE-2016-4571: mxml: two stack exhaustation parsing xml files using mxml

Status:	RESOLVED FIXED

Alias:	CVE-2016-4571

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assignee:	Marcus Rückert
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/168776/
Whiteboard:	CVSSv2:RedHat:CVE-2016-4571:4.3:(AV:N...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-05-10 08:07 UTC by Sebastian Krahmer
Modified:	2018-02-22 16:49 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
stack-exhaustion-2.xml (123.42 KB, text/plain) 2017-03-10 10:49 UTC, Marcus Meissner	Details
testmxml.c (18.93 KB, text/x-csrc) 2017-03-10 10:53 UTC, Marcus Meissner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2016-05-10 08:07:07 UTC

CVE-2016-4571



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4571
http://seclists.org/oss-sec/2016/q2/295

Comment 1 Swamp Workflow Management 2016-05-10 22:00:13 UTC

bugbot adjusting priority

Comment 2 Marcus Rückert 2017-03-08 18:04:40 UTC

sle11 doesnt seems to be effected.

Comment 3 Marcus Meissner 2017-03-10 10:48:32 UTC

https://github.com/michaelrsweet/mxml/commit/5f74dc212497332d05882660db130a37d2f458eb

https://github.com/michaelrsweet/mxml/commit/d8c0ba900728d47523d76ba4acf33176cd04647c

Comment 4 Marcus Meissner 2017-03-10 10:49:52 UTC

Created attachment 717020 [details]
stack-exhaustion-2.xml

stack-exhaustion-2.xml  from reproducers.

needs to be fed into a mxml parser

Comment 5 Marcus Meissner 2017-03-10 10:53:32 UTC

Created attachment 717021 [details]
testmxml.c

QA REPRODUCER:

gcc -pthread -o testmxml testmxml.c -lmxml
ulimit -s 1024
./testmxml stack-exhaustion-2.xml

should not segfault

Comment 6 Marcus Rückert 2017-03-10 15:54:37 UTC

sle 11 submission 129141.

leap was submitted earlier already.

Comment 7 Swamp Workflow Management 2017-03-27 19:08:11 UTC

openSUSE-SU-2017:0815-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 979205,979206
CVE References: CVE-2016-4570,CVE-2016-4571
Sources used:
openSUSE Leap 42.2 (src):    mxml-2.9-5.3.1
openSUSE Leap 42.1 (src):    mxml-2.9-5.1

Comment 8 Swamp Workflow Management 2017-11-23 20:10:41 UTC

SUSE-SU-2017:3060-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 979205,979206
CVE References: CVE-2016-4570,CVE-2016-4571
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    mxml-2.5-24.3.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    mxml-2.5-24.3.1

Comment 9 Marcus Meissner 2018-02-22 16:49:23 UTC

released