Vigil@nce - libxml2: infinite loop of xmlStringGetNodeList__internal_alias
April 2016 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can generate an infinite recursion in
xmlStringGetNodeList__internal_alias() of libxml2, in order to
trigger a denial of service.
– Impacted products: libxml2.
– Severity: 1/4.
– Creation date: 21/03/2016.
DESCRIPTION OF THE VULNERABILITY
The xmllint tool of libxml2 has the option "--recover" to try to
decode a malformed XML document.
However, a malformed document triggers an infinite recursion in
the xmlStringGetNodeList__internal_alias() function, which
depletes the stack.
An attacker can therefore generate an infinite recursion in
xmlStringGetNodeList__internal_alias() of libxml2, in order to
trigger a denial of service.
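The stack depletion described above normally ends the process with SIGSEGV, so a service that feeds untrusted documents to xmllint can contain and classify that outcome. The wrapper below is an added example, not code from the bulletin or from libxml2; the function name run_contained, the limit values and the outcome labels are assumptions, and it assumes a POSIX shell with the coreutils timeout command.

```shell
#!/bin/sh
# Added example: run an untrusted-input parser under hard limits and
# classify how it ended. Names and limit values are assumptions.

STACK_KB=8192    # soft stack cap in KiB (assumed value)
TIME_LIMIT=10    # wall-clock cap in seconds (assumed value)

# run_contained CMD [ARGS...]
# Prints one word describing the outcome; always returns 0 itself.
run_contained() {
    status=0
    (
        # Limits apply only inside this subshell, not to the caller.
        ulimit -s "$STACK_KB" 2>/dev/null   # bound stack growth
        ulimit -c 0 2>/dev/null             # no core files from hostile input
        exec timeout "$TIME_LIMIT" "$@" >/dev/null 2>&1
    ) || status=$?

    case "$status" in
        0)   echo "ok" ;;
        124) echo "timeout" ;;              # timeout(1) stopped the command
        139) echo "crash-sigsegv" ;;        # 128 + SIGSEGV(11), e.g. stack exhaustion
        *)
            if [ "$status" -gt 128 ]; then
                echo "killed-signal-$((status - 128))"
            else
                echo "exit-$status"         # non-zero exit reported by the tool
            fi
            ;;
    esac
}

# Typical call (--recover and --noout are existing xmllint options):
#   run_contained xmllint --recover --noout untrusted.xml
```

A "crash-sigsegv" result on a document processed with --recover is worth logging together with the input file, since it separates a parser crash from an ordinary rejection of malformed XML.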