Bug ID: 1262849
Summary: libxml2: Out-of-bounds memory access when parsing
unclosed HTML comment
Product: Security Response
CC: athmanem(a)gmail.com, c.david86(a)gmail.com,
An out-of-bounds memory access vulnerability was found in libxml2 when parsing
an unclosed HTML comment. Given an unclosed HTML comment such as <!--, the
libxml2 parser did not stop parsing at the end of the buffer, causing random
memory to be included in the parsed comment.
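
An added illustration of the defect class described above, not code from libxml2 or from the nokogiri patch: a simplified comment scanner that ignores the buffer length, next to one that stops at the end of the input. The function names and sample inputs are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Unbounded scan (the defect class described above): walks forward until
 * it sees "-->" and never consults the buffer length, so an unclosed
 * comment makes it read past the end of the input. Shown for contrast
 * only; do not call it on untrusted data. */
long comment_len_unbounded(const char *p)
{
    const char *q = p;
    while (!(q[0] == '-' && q[1] == '-' && q[2] == '>'))
        q++;
    return (long)(q - p);
}

/* Bounded scan: buf[0..len) is the whole input and `start` is the offset
 * just after "<!--". Returns the comment body length, or -1 if the input
 * ends before "-->" is found. The caller must treat -1 as a parse error
 * (or as a comment truncated at len), never as more data to read. */
long comment_len_bounded(const char *buf, size_t len, size_t start)
{
    if (start > len)
        return -1;
    /* len - i cannot underflow: i never exceeds len inside this loop. */
    for (size_t i = start; len - i >= 3; i++) {
        if (memcmp(buf + i, "-->", 3) == 0)
            return (long)(i - start);
    }
    return -1;
}

/* Hypothetical entry point: expects "<!--" at offset 0 of the input. */
long html_comment_body_len(const char *buf, size_t len)
{
    if (len < 4 || memcmp(buf, "<!--", 4) != 0)
        return -1;
    return comment_len_bounded(buf, len, 4);
}
```
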
Upstream was notified, but a patch has not been released yet. However, a patch
for nokogiri, which uses an embedded libxml2, was proposed: