[jira] [Comment Edited] (XERCESC-2188) Use-after-free on external DTD scan
[ https://issues.apache.org/jira/browse/XERCESC-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17738217#comment-17738217 ] Benjamin Fritz edited comment on XERCESC-2188 at 6/30/23 10:35 PM: --- FYI [~ilatypov] updates to CVEs in NVD can be requested here: https://cveform.mitre.org/ (sometimes they respond with a different place to report instead, I will try to remember to update if this is the case for this one) I have gone ahead and requested the affected versions be updated to reflect that there is currently no fixed version, referencing this issue page and the advisory, since at this time version 3.2.3 is still listed as the last impacted version in NVD. Edit: I have been instructed to forward my request to secur...@apache.org because Apache is the CNA for this CVE. I have done so. was (Author: JIRAUSER295541): FYI [~ilatypov] updates to CVEs in NVD can be requested here: https://cveform.mitre.org/ (sometimes they respond with a different place to report instead, I will try to remember to update if this is the case for this one) I have gone ahead and requested the affected versions be updated to reflect that there is currently no fixed version, referencing this issue page and the advisory, since at this time version 3.2.3 is still listed as the last impacted version in NVD. > Use-after-free on external DTD scan > --- > > Key: XERCESC-2188 > URL: https://issues.apache.org/jira/browse/XERCESC-2188 > Project: Xerces-C++ > Issue Type: Bug > Components: Validating Parser (DTD) >Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3, > 3.1.4, 3.2.1, 3.2.2 >Reporter: Scott Cantor >Priority: Major > Attachments: Apache-496067-disclosure-report.pdf > > > This is a record of an unfixed bug reported in 2018 in the DTD scanner, per > the attached PDF, corresponding to CVE-2018-1311. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Comment Edited] (XERCESC-2188) Use-after-free on external DTD scan
[ https://issues.apache.org/jira/browse/XERCESC-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17738217#comment-17738217 ] Benjamin Fritz edited comment on XERCESC-2188 at 6/28/23 5:07 PM: -- FYI [~ilatypov] updates to CVEs in NVD can be requested here: https://cveform.mitre.org/ (sometimes they respond with a different place to report instead, I will try to remember to update if this is the case for this one) I have gone ahead and requested the affected versions be updated to reflect that there is currently no fixed version, referencing this issue page and the advisory, since at this time version 3.2.3 is still listed as the last impacted version in NVD. was (Author: JIRAUSER295541): FYI updates to CVEs in NVD can be requested here: https://cveform.mitre.org/ (sometimes they respond with a different place to report instead, I will try to remember to update if this is the case for this one) I have gone ahead and requested the affected versions be updated to reflect that there is currently no fixed version, referencing this issue page and the advisory, since at this time version 3.2.3 is still listed as the last impacted version in NVD. > Use-after-free on external DTD scan > --- > > Key: XERCESC-2188 > URL: https://issues.apache.org/jira/browse/XERCESC-2188 > Project: Xerces-C++ > Issue Type: Bug > Components: Validating Parser (DTD) >Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3, > 3.1.4, 3.2.1, 3.2.2 >Reporter: Scott Cantor >Priority: Major > Attachments: Apache-496067-disclosure-report.pdf > > > This is a record of an unfixed bug reported in 2018 in the DTD scanner, per > the attached PDF, corresponding to CVE-2018-1311. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Commented] (XERCESC-2188) Use-after-free on external DTD scan
[ https://issues.apache.org/jira/browse/XERCESC-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17738217#comment-17738217 ] Benjamin Fritz commented on XERCESC-2188: - FYI updates to CVEs in NVD can be requested here: https://cveform.mitre.org/ (sometimes they respond with a different place to report instead, I will try to remember to update if this is the case for this one) I have gone ahead and requested the affected versions be updated to reflect that there is currently no fixed version, referencing this issue page and the advisory, since at this time version 3.2.3 is still listed as the last impacted version in NVD. > Use-after-free on external DTD scan > --- > > Key: XERCESC-2188 > URL: https://issues.apache.org/jira/browse/XERCESC-2188 > Project: Xerces-C++ > Issue Type: Bug > Components: Validating Parser (DTD) >Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3, > 3.1.4, 3.2.1, 3.2.2 >Reporter: Scott Cantor >Priority: Major > Attachments: Apache-496067-disclosure-report.pdf > > > This is a record of an unfixed bug reported in 2018 in the DTD scanner, per > the attached PDF, corresponding to CVE-2018-1311. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Updated] (XERCESC-2240) Junk characters (including null) allowed in XML declaration
[ https://issues.apache.org/jira/browse/XERCESC-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benjamin Fritz updated XERCESC-2240: Description: In a library we've written using Xerces-C++ to validate XML files against a given XSD, we have discovered that the XercesDOMParser::parse() function does not record any errors if the XML declaration at the beginning of an XML document contains "junk" characters, including control characters (^K) or null bytes. The null control character specifically should be invalid in any XML document. I.e. the following XML file (attaching as basic_bad_bytes.xml) parses without error, but it should not: The following XML (attaching as basic_bad_bytes2.xml) correctly reports an error: This is similar to XERCESC-1701, where the end of the document after the root element was found to allow "junk" characters during parsing. was: In a library we've written using Xerces-C++ to validate XML files against a given XSD, we have discovered that the XercesDOMParser::parse() function does not record any errors if the XML declaration at the beginning of an XML document contains "junk" characters, including control characters (^K) or null bytes. The null control character specifically should be invalid in any XML document. I.e. the following XML file (attaching as basic_bad_bytes.xml) parses without error, but it should not: The following XML (attaching as basic_bad_bytes2.xml) correctly reports an error: This is similar to XERCESC-1701, where the end of the document after the root element was found to allow "junk" characters during parsing. > Junk characters (including null) allowed in XML declaration > --- > > Key: XERCESC-2240 > URL: https://issues.apache.org/jira/browse/XERCESC-2240 > Project: Xerces-C++ > Issue Type: Bug > Components: Non-Validating Parser >Affects Versions: 3.2.3 > Environment: Linux >Reporter: Benjamin Fritz >Priority: Minor > Attachments: basic_bad_bytes.xml, basic_bad_bytes2.xml > > > In a library we've written using Xerces-C++ to validate XML files against a > given XSD, we have discovered that the XercesDOMParser::parse() function does > not record any errors if the XML declaration at the beginning of an XML > document contains "junk" characters, including control characters (^K) or > null bytes. The null control character specifically should be invalid in any > XML document. I.e. the following XML file (attaching as basic_bad_bytes.xml) > parses without error, but it should not: > > > > > > The following XML (attaching as basic_bad_bytes2.xml) correctly reports an > error: > > > > > > This is similar to XERCESC-1701, where the end of the document after the root > element was found to allow "junk" characters during parsing. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Updated] (XERCESC-2240) Junk characters (including null) allowed in XML declaration
[ https://issues.apache.org/jira/browse/XERCESC-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benjamin Fritz updated XERCESC-2240: Component/s: Non-Validating Parser > Junk characters (including null) allowed in XML declaration > --- > > Key: XERCESC-2240 > URL: https://issues.apache.org/jira/browse/XERCESC-2240 > Project: Xerces-C++ > Issue Type: Bug > Components: Non-Validating Parser >Affects Versions: 3.2.3 > Environment: Linux >Reporter: Benjamin Fritz >Priority: Minor > Attachments: basic_bad_bytes.xml, basic_bad_bytes2.xml > > > In a library we've written using Xerces-C++ to validate XML files against a > given XSD, we have discovered that the XercesDOMParser::parse() function does > not record any errors if the XML declaration at the beginning of an XML > document contains "junk" characters, including control characters (^K) or > null bytes. The null control character specifically should be invalid in any > XML document. I.e. the following XML file (attaching as basic_bad_bytes.xml) > parses without error, but it should not: > > > > > > The following XML (attaching as basic_bad_bytes2.xml) correctly reports an > error: > > > > > > This is similar to XERCESC-1701, where the end of the document after the root > element was found to allow "junk" characters during parsing. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Updated] (XERCESC-1701) Xerces-C++ Allows junk after root element (null characters)
[ https://issues.apache.org/jira/browse/XERCESC-1701?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benjamin Fritz updated XERCESC-1701: Attachment: basic_bad_bytes3.xml > Xerces-C++ Allows junk after root element (null characters) > --- > > Key: XERCESC-1701 > URL: https://issues.apache.org/jira/browse/XERCESC-1701 > Project: Xerces-C++ > Issue Type: Bug > Components: Non-Validating Parser >Affects Versions: 3.0.1 > Environment: WindowsXP >Reporter: Maarten Koskamp >Priority: Major > Attachments: basic_bad_bytes3.xml, sample.xml, version.incl > > > Xerces-C allows a sequence of null characters after the document root at the > end of the xml instance. > XML Specifiction states that only white-space is allowed after the document > root. > See attached sample for details. > Info about the affected version of the parser is also added as an attachment > to this issue. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Updated] (XERCESC-2240) Junk characters (including null) allowed in XML declaration
[ https://issues.apache.org/jira/browse/XERCESC-2240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Benjamin Fritz updated XERCESC-2240: Attachment: basic_bad_bytes.xml basic_bad_bytes2.xml > Junk characters (including null) allowed in XML declaration > --- > > Key: XERCESC-2240 > URL: https://issues.apache.org/jira/browse/XERCESC-2240 > Project: Xerces-C++ > Issue Type: Bug >Affects Versions: 3.2.3 > Environment: Linux >Reporter: Benjamin Fritz >Priority: Minor > Attachments: basic_bad_bytes.xml, basic_bad_bytes2.xml > > > In a library we've written using Xerces-C++ to validate XML files against a > given XSD, we have discovered that the XercesDOMParser::parse() function does > not record any errors if the XML declaration at the beginning of an XML > document contains "junk" characters, including control characters (^K) or > null bytes. The null control character specifically should be invalid in any > XML document. I.e. the following XML file (attaching as basic_bad_bytes.xml) > parses without error, but it should not: > > > > > > The following XML (attaching as basic_bad_bytes2.xml) correctly reports an > error: > > > > > > This is similar to XERCESC-1701, where the end of the document after the root > element was found to allow "junk" characters during parsing. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
[jira] [Created] (XERCESC-2240) Junk characters (including null) allowed in XML declaration
Benjamin Fritz created XERCESC-2240: --- Summary: Junk characters (including null) allowed in XML declaration Key: XERCESC-2240 URL: https://issues.apache.org/jira/browse/XERCESC-2240 Project: Xerces-C++ Issue Type: Bug Affects Versions: 3.2.3 Environment: Linux Reporter: Benjamin Fritz In a library we've written using Xerces-C++ to validate XML files against a given XSD, we have discovered that the XercesDOMParser::parse() function does not record any errors if the XML declaration at the beginning of an XML document contains "junk" characters, including control characters (^K) or null bytes. The null control character specifically should be invalid in any XML document. I.e. the following XML file (attaching as basic_bad_bytes.xml) parses without error, but it should not: The following XML (attaching as basic_bad_bytes2.xml) correctly reports an error: This is similar to XERCESC-1701, where the end of the document after the root element was found to allow "junk" characters during parsing. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org
