Vigil@nce - libxml2: infinite loop of xmlParserEntityCheck
July 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an infinite recursion in
xmlStringGetNodeList() of libxml2, in order to trigger a denial of
service.
Impacted products: Debian, libxml2, openSUSE, openSUSE Leap, RHEL,
SLES, Ubuntu.
Severity: 2/4.
Creation date: 03/05/2016.
DESCRIPTION OF THE VULNERABILITY
The libxml2 library includes an XML parser.
However, a malformed document triggers an infinite recursion in
the xmlParserEntityCheck(), xmlParseEntityValue() and
xmlParseAttValueComplex() functions, which depletes the stack.
An attacker can therefore generate an infinite recursion in
xmlStringGetNodeList() of libxml2, in order to trigger a denial of
service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/libxml2-infinite-loop-of-xmlParserEntityCheck-19513