CVE-2015-8710 PoC — Libxml2 安全漏洞

Source

https://github.com/Karm/CVE-2015-8710

Associated Vulnerability

Title:Libxml2 安全漏洞 (CVE-2015-8710)
Description:Libxml2是GNOME项目组所研发的一个基于C语言的用来解析XML文档的函数库，它支持多种编码格式、Xpath解析、Well-formed和valid验证等。 Libxml2的HTMLparser.c文件中的‘htmlParseComment’函数存在安全漏洞。攻击者可借助打开的HTML评论利用该漏洞获取敏感信息，造成拒绝服务（越边界堆内存访问和应用程序崩溃）。

Description

Windows/Linux reproducer

Readme

# Reproducer
Kudos to Mike Dalessio, Francois Chagnon, Florian Weingarten and Jun Kokatsu.
See [BZ 746048](https://bugzilla.gnome.org/show_bug.cgi?id=746048)

# Building on Linux

    $ cmake ../CVE-2015-8710/ -G "Unix Makefiles" -DLIBXML2_LIBRARIES=/path/to/your/library/libxml2.so.2 -DLIBXML2_INCLUDE_DIR=/path/to/your/sources/libxml2-2.9.1/include/
    $ make

## Reproducing on Linux

    $ valgrind ./bin/CVE_2015_8710
    
    Conditional jump or move depends on uninitialised value(s)

# Building on Windows

    λ vcvars32.bat
    λ cmake -G"NMake Makefiles" ..\CVE-2015-8710 
    -DCMAKE_BUILD_TYPE=Release
    -DCMAKE_C_FLAGS_RELEASE="/MT /O2 /Ob2 /Wall /Zi"
    -DLIBXML2_LIBRARIES=C:\Users\karm\WORKSPACE\libxmldevel\lib\libxml2.lib
    -DLIBXML2_INCLUDE_DIR=C:\Users\karm\WORKSPACE\libxmldevel\include\libxml2\

## Reproducing on Windows

    λ drmemory.exe -- CVE_2015_8710.exe
    
    UNINITIALIZED READ: reading

File Snapshot


 [4.0K]  /data/pocs/c6db4fa8c101815c7d2a59232b1d8d36b6613f38
├── [ 368]  CMakeLists.txt
├── [1.1K]  LICENSE.md
├── [ 933]  README.md
└── [4.0K]  src
    └── [ 526]  CVE_2015_8710.c

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!