Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

libcroco 0.6.12 - Denial of Service

🗓️ 09 Jun 2017 00:00:00Reported by qflb.wuType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 45 Views

libcroco 0.6.12 denial of service vulnerabilities in css parse

Related
Code
ReporterTitlePublishedViews
Family
0day.today		libcroco 0.6.12 - Denial of Service Vulnerability
10 Jun 201700:00
zdt
AlpineLinux		CVE-2017-8834
12 Jun 201706:00
alpinelinux
AlpineLinux		CVE-2017-8871
12 Jun 201706:00
alpinelinux
AstraLinux		 Astra Linux - уязвимость в libcroco
3 May 202623:59
astralinux
AstraLinux		 Astra Linux - уязвимость в libcroco
3 May 202623:59
astralinux
CNVD		libcroco Denial of Service Vulnerability (CNVD-2017-11760)
9 Jun 201700:00
cnvd
CNVD		libcroco Denial of Service Vulnerability
9 Jun 201700:00
cnvd
CVE		CVE-2017-8834
12 Jun 201706:00
cve
CVE		CVE-2017-8871
12 Jun 201706:00
cve
Cvelist		CVE-2017-8834
12 Jun 201706:00
cvelist
Rows per page
libcroco multiple vulnerabilities
================
Author : qflb.wu
===============


Introduction:
=============
Libcroco is a standalone css2 parsing and manipulation library.
The parser provides a low level event driven SAC like api and a css object model like api.
Libcroco provides a CSS2 selection engine and an experimental xml/css rendering engine.


Affected version:
=====
0.6.12


Vulnerability Description:
==========================
1. 
the cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file.


./csslint-0.6 --dump-location libcroco_0_6_12_memory_allocation_error.css


==21841==ERROR: AddressSanitizer failed to allocate 0x20002000 (536879104) bytes of LargeMmapAllocator: 12
...
==21841==AddressSanitizer CHECK failed: /build/buildd/llvm-toolchain-3.4-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:68 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
    ...
    #10 0x7fd78c2fcb4d in cr_tknzr_parse_comment /home/a/Downloads/libcroco-0.6.12/src/cr-tknzr.c:462
    #11 0x7fd78c2fcb4d in cr_tknzr_get_next_token /home/a/Downloads/libcroco-0.6.12/src/cr-tknzr.c:2218
    #12 0x7fd78c356f6e in cr_parser_try_to_skip_spaces_and_comments /home/a/Downloads/libcroco-0.6.12/src/cr-parser.c:634
    #13 0x7fd78c368a43 in cr_parser_parse_stylesheet /home/a/Downloads/libcroco-0.6.12/src/cr-parser.c:2538
    #14 0x7fd78c368a43 in cr_parser_parse /home/a/Downloads/libcroco-0.6.12/src/cr-parser.c:4381
    #15 0x480a8e in sac_parse_and_display_locations /home/a/Downloads/libcroco-0.6.12/csslint/csslint.c:960
    #16 0x480a8e in main /home/a/Downloads/libcroco-0.6.12/csslint/csslint.c:1001
    #17 0x7fd78b397f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
    #18 0x47c95c in _start (/home/a/Downloads/libcroco-0.6.12/csslint/.libs/lt-csslint-0.6+0x47c95c)


    Reproducer:
    libcroco_0_6_12_memory_allocation_error.css
    CVE:
    CVE-2017-8834


2.
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 can cause a denial of service(infinite loop and CPU consumption) via a crafted CSS file.


./csslint-0.6 --dump-location libcroco_0_6_12_infinite_loop.css


Reproducer:
libcroco_0_6_12_infinite_loop.css
CVE:
CVE-2017-8871


===============================


qflb.wu () dbappsecurity com cn


Proofs of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42147.zip

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
09 Jun 2017 00:00Current
6.9Medium risk
Vulners AI Score6.9
CVSS 27.1
CVSS 3.16.5
EPSS0.0172
libcrocodenial of servicevulnerabilitiescss parsercrafted css filememory allocation errorinfinite loopcpu consumptioncve-2017-8834cve-2017-8871
45