Lucene search
Qflb.wuEDB-ID:42147HistoryJun 09, 2017 - 12:00 a.m.
libcroco 0.6.12 - Denial of Service
2017-06-0900:00:00
qflb.wu
www.exploit-db.com
34
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
42.1%
libcroco multiple vulnerabilities
================
Author : qflb.wu
===============
Introduction:
=============
Libcroco is a standalone css2 parsing and manipulation library.
The parser provides a low level event driven SAC like api and a css object model like api.
Libcroco provides a CSS2 selection engine and an experimental xml/css rendering engine.
Affected version:
=====
0.6.12
Vulnerability Description:
==========================
1.
the cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 can cause a denial of service (memory allocation error) via a crafted CSS file.
./csslint-0.6 --dump-location libcroco_0_6_12_memory_allocation_error.css
==21841==ERROR: AddressSanitizer failed to allocate 0x20002000 (536879104) bytes of LargeMmapAllocator: 12
...
==21841==AddressSanitizer CHECK failed: /build/buildd/llvm-toolchain-3.4-3.4/projects/compiler-rt/lib/sanitizer_common/sanitizer_posix.cc:68 "(("unable to mmap" && 0)) != (0)" (0x0, 0x0)
...
#10 0x7fd78c2fcb4d in cr_tknzr_parse_comment /home/a/Downloads/libcroco-0.6.12/src/cr-tknzr.c:462
#11 0x7fd78c2fcb4d in cr_tknzr_get_next_token /home/a/Downloads/libcroco-0.6.12/src/cr-tknzr.c:2218
#12 0x7fd78c356f6e in cr_parser_try_to_skip_spaces_and_comments /home/a/Downloads/libcroco-0.6.12/src/cr-parser.c:634
#13 0x7fd78c368a43 in cr_parser_parse_stylesheet /home/a/Downloads/libcroco-0.6.12/src/cr-parser.c:2538
#14 0x7fd78c368a43 in cr_parser_parse /home/a/Downloads/libcroco-0.6.12/src/cr-parser.c:4381
#15 0x480a8e in sac_parse_and_display_locations /home/a/Downloads/libcroco-0.6.12/csslint/csslint.c:960
#16 0x480a8e in main /home/a/Downloads/libcroco-0.6.12/csslint/csslint.c:1001
#17 0x7fd78b397f44 (/lib/x86_64-linux-gnu/libc.so.6+0x21f44)
#18 0x47c95c in _start (/home/a/Downloads/libcroco-0.6.12/csslint/.libs/lt-csslint-0.6+0x47c95c)
Reproducer:
libcroco_0_6_12_memory_allocation_error.css
CVE:
CVE-2017-8834
2.
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 can cause a denial of service(infinite loop and CPU consumption) via a crafted CSS file.
./csslint-0.6 --dump-location libcroco_0_6_12_infinite_loop.css
Reproducer:
libcroco_0_6_12_infinite_loop.css
CVE:
CVE-2017-8871
===============================
qflb.wu () dbappsecurity com cn
Proofs of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42147.zipRelated
openvas
openvas
openSUSE: Security Advisory for libcroco (openSUSE-SU-2020:0780-1)
2020-06-09 00:00:00
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2020-1559)
2020-04-30 00:00:00
Huawei EulerOS: Security Advisory for libcroco (EulerOS-SA-2019-2284)
2020-01-23 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : libcroco (SUSE-SU-2020:1535-1)
2020-06-18 00:00:00
openSUSE Security Update : libcroco (openSUSE-2020-780)
2020-06-08 00:00:00
EulerOS 2.0 SP5 : libcroco (EulerOS-SA-2019-2694)
2019-12-23 00:00:00
exploitpack
exploitpack
libcroco 0.6.12 - Denial of Service
2017-06-09 00:00:00
suse
suse
Security update for libcroco (low)
2020-06-08 00:00:00
Security update for libcroco (moderate)
2019-06-18 00:00:00
osv
osv
libcroco vulnerabilities
2024-08-13 15:39:41
libcroco vulnerabilities
2022-04-26 14:05:43
CVE-2017-8871
2017-06-12 06:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1865
2021-07-02 17:11:38
ubuntu
ubuntu
Libcroco vulnerabilities
2022-04-26 00:00:00
Libcroco vulnerabilities
2024-08-13 00:00:00
mageia
mageia
Updated libcroco packages fix security vulnerability
2019-12-15 21:03:05
debiancve
debiancve
CVE-2017-8834
2017-06-12 06:29:00
CVE-2017-8871
2017-06-12 06:29:00
cve
cve
CVE-2017-8834
2017-06-12 06:29:00
CVE-2017-8871
2017-06-12 06:29:00
ubuntucve
ubuntucve
CVE-2017-8871
2017-06-12 00:00:00
CVE-2017-8834
2017-06-12 00:00:00
redhatcve
redhatcve
CVE-2017-8871
2017-06-20 14:48:47
CVE-2017-8834
2017-06-20 14:49:02
prion
prion
Code injection
2017-06-12 06:29:00
Design/Logic Flaw
2017-06-12 06:29:00
cvelist
cvelist
CVE-2017-8871
2017-06-12 06:00:00
CVE-2017-8834
2017-06-12 06:00:00
alpinelinux
alpinelinux
CVE-2017-8871
2017-06-12 06:29:00
CVE-2017-8834
2017-06-12 06:29:00
nvd
nvd
CVE-2017-8871
2017-06-12 06:29:00
CVE-2017-8834
2017-06-12 06:29:00
veracode
veracode
Denial Of Service (DoS)
2018-11-28 02:12:53
Denial Of Service (DoS)
2018-11-28 02:09:47
zdt
zdt
libcroco 0.6.12 - Denial of Service Vulnerability
2017-06-10 00:00:00
CVSS2
7.1
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
6.9
Confidence
High
EPSS
0.001
Percentile
42.1%
Related for EDB-ID:42147