Ahmed Lekssays 9cb3d8d200
Fix GHSA-453j-q27h-5p8x ...
Libxml versions prior to 2.13 cannot correctly handle a call to
xmlNodeSetName() with a name longer than 2G. It will leave the node
object in an invalid state with a NULL name. This later causes a NULL
pointer dereference when using the name during message serialization.
To solve this, implement a workaround that resets the name to the
sentinel name if this situation arises.
Versions of libxml of 2.13 and higher are not affected.
This can be exploited if a SoapVar is created with a fully qualified
name that is longer than 2G. This would be possible if some application
code uses a namespace prefix from an untrusted source like from a remote
SOAP service.
Co-authored-by: Niels Dossche <7771979+nielsdos@users.noreply.github.com >
2025-06-24 23:32:34 +02:00
2024-10-12 15:12:40 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-05-26 12:18:51 +02:00
2021-08-20 12:54:39 +02:00
2021-05-26 12:18:51 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-05-26 12:18:51 +02:00
2021-08-20 10:08:22 +02:00
2021-05-26 12:21:45 +02:00
2021-05-26 12:18:51 +02:00
2023-08-28 17:24:45 +02:00
2021-05-26 12:18:51 +02:00
2021-05-26 12:18:51 +02:00
2023-05-09 19:48:45 +02:00
2021-08-20 14:15:23 +02:00
2023-11-22 20:39:29 -06:00
2021-04-08 10:36:44 +02:00
2021-05-26 12:18:51 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-06-29 17:13:02 +02:00
2021-04-08 10:36:44 +02:00
2021-05-26 12:18:51 +02:00
2021-05-26 12:18:51 +02:00
2021-05-26 12:18:51 +02:00
2023-05-09 19:48:45 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2022-05-23 16:51:32 +02:00
2022-05-23 16:49:12 +02:00
2022-10-13 16:00:36 +02:00
2022-10-13 15:56:08 +02:00
2023-10-11 17:21:54 +02:00
2023-10-11 17:21:54 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2024-09-27 19:56:19 +02:00
2024-09-27 19:56:19 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-07-19 13:44:20 +02:00
2021-04-08 10:36:44 +02:00
2025-06-24 23:32:34 +02:00
2021-07-14 09:36:26 +02:00
2021-05-26 12:18:51 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-05-26 12:18:51 +02:00
2021-05-26 12:18:51 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-05-26 12:18:51 +02:00
2021-05-26 12:18:51 +02:00
2021-04-08 10:36:44 +02:00
2021-04-08 10:36:44 +02:00
2021-05-26 12:18:51 +02:00
2021-05-26 12:18:51 +02:00
2021-04-08 10:36:44 +02:00
9cb3d8d200