CVE-2015-8710

CRITICAL

libxml2 < 2.9.3 - Heap-Based Buffer Overflow via Unclosed HTML Comment

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-8710. PoCs published by Karm.

AI-analyzed exploit summary: This repository contains a functional proof-of-concept exploit for CVE-2015-8710, a vulnerability in libxml2 that involves uninitialized memory reads during HTML parsing. The PoC demonstrates the issue by parsing a malformed HTML fragment, triggering a conditional jump based on uninitialized values.

Description

The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.

Exploits (1)

nomisec WORKING POC 1 stars
by Karm · poc
https://github.com/Karm/CVE-2015-8710

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: libxml2 (versions prior to 2.9.3)
No auth needed
Prerequisites: libxml2 library and headers for compilation
devstral-2 · analyzed Feb 18, 2026

References (9)

Core References
Third Party Advisory x_refsource_misc: https://hackerone.com/reports/57125#activity-384861
Issue Tracking x_refsource_confirm: https://bugzilla.gnome.org/show_bug.cgi?id=746048
Third Party Advisory vendor-advisory x_refsource_debian: http://www.debian.org/security/2015/dsa-3430
Mailing List mailing-list x_refsource_mlist: http://www.openwall.com/lists/oss-security/2015/09/13/1
Third Party Advisory vendor-advisory x_refsource_redhat: http://rhn.redhat.com/errata/RHSA-2016-1089.html
Mailing List, Patch mailing-list x_refsource_mlist: http://www.openwall.com/lists/oss-security/2015/04/19/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid: http://www.securityfocus.com/bid/79811
Mailing List mailing-list x_refsource_mlist: http://www.openwall.com/lists/oss-security/2015/12/31/7

Scores

CVSS v3: 9.8
EPSS: 0.0471
EPSS Percentile: 89.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (4):
debian/debian_linux 7.0
debian/debian_linux 8.0
debian/debian_linux 9.0
xmlsoft/libxml2 < 2.9.3
Published: Apr 11, 2016
Tracked Since: Feb 18, 2026