Vulnerabilities > CVE-2017-8871 - Infinite Loop vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gnome
opensuse
CWE-835
nessus
exploit available

Summary

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.

Vulnerable Configurations

Part Description Count
Application
Gnome
1
OS
Opensuse
1

Exploit-Db

descriptionlibcroco 0.6.12 - Denial of Service. CVE-2017-8871. Dos exploit for Linux platform. Tags: Denial of Service (DoS)
fileexploits/linux/dos/42147.txt
idEDB-ID:42147
last seen2017-06-10
modified2017-06-09
platformlinux
port
published2017-06-09
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/42147/
titlelibcroco 0.6.12 - Denial of Service
typedos

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2284.NASL
    descriptionAccording to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.(CVE-2017-8834) - The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.(CVE-2017-8871) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-11-27
    plugin id131350
    published2019-11-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131350
    titleEulerOS 2.0 SP8 : libcroco (EulerOS-SA-2019-2284)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(131350);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2017-8834",
        "CVE-2017-8871"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : libcroco (EulerOS-SA-2019-2284)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the libcroco package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The cr_tknzr_parse_comment function in cr-tknzr.c in
        libcroco 0.6.12 allows remote attackers to cause a
        denial of service (memory allocation error) via a
        crafted CSS file.(CVE-2017-8834)
    
      - The cr_parser_parse_selector_core function in
        cr-parser.c in libcroco 0.6.12 allows remote attackers
        to cause a denial of service (infinite loop and CPU
        consumption) via a crafted CSS file.(CVE-2017-8871)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2284
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b491ba3c");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libcroco packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcroco");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["libcroco-0.6.12-5.h2.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcroco");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1559.NASL
    descriptionAccording to the versions of the libcroco package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.(CVE-2017-8871) - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.(CVE-2017-8834) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2020-05-01
    plugin id136262
    published2020-05-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/136262
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libcroco (EulerOS-SA-2020-1559)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1475.NASL
    descriptionAccording to the versions of the libcroco package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an
    last seen2020-04-30
    modified2020-04-16
    plugin id135637
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135637
    titleEulerOS Virtualization 3.0.2.2 : libcroco (EulerOS-SA-2020-1475)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2520.NASL
    descriptionAccording to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.(CVE-2017-8834) - The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.(CVE-2017-8871) - The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.(CVE-2017-7960) - ** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an
    last seen2020-05-08
    modified2019-12-04
    plugin id131673
    published2019-12-04
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131673
    titleEulerOS 2.0 SP2 : libcroco (EulerOS-SA-2019-2520)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2605.NASL
    descriptionAccording to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This package provides the necessary development libraries and include files to allow you to develop with libcroco.Security Fix(es):The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and 0.6.12 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted CSS file.(CVE-2017-7960)** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an
    last seen2020-05-08
    modified2019-12-18
    plugin id132140
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132140
    titleEulerOS 2.0 SP3 : libcroco (EulerOS-SA-2019-2605)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1468-1.NASL
    descriptionThis update for libcroco fixes the following issues : Security issues fixed : CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125873
    published2019-06-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125873
    titleSUSE SLED12 / SLES12 Security Update : libcroco (SUSE-SU-2019:1468-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-780.NASL
    descriptionThis update for libcroco fixes the following issues : Security issues fixed : - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-11
    modified2020-06-08
    plugin id137229
    published2020-06-08
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/137229
    titleopenSUSE Security Update : libcroco (openSUSE-2020-780)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1076.NASL
    descriptionAccording to the versions of the libcroco package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.(CVE-2017-8871) - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.(CVE-2017-8834) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132830
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132830
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : libcroco (EulerOS-SA-2020-1076)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2694.NASL
    descriptionAccording to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.(CVE-2017-8834) - The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.(CVE-2017-8871) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-23
    plugin id132361
    published2019-12-23
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132361
    titleEulerOS 2.0 SP5 : libcroco (EulerOS-SA-2019-2694)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1575.NASL
    descriptionThis update for libcroco fixes the following issues : Security issues fixed : - CVE-2017-7960: Fixed heap overflow (input: check end of input before reading a byte) (bsc#1034481). - CVE-2017-7961: Fixed undefined behavior (tknzr: support only max long rgb values) (bsc#1034482). - CVE-2017-8834: Fixed denial of service (memory allocation error) via a crafted CSS file (bsc#1043898). - CVE-2017-8871: Fixed denial of service (infinite loop and CPU consumption) via a crafted CSS file (bsc#1043899). This update was imported from the SUSE:SLE-12-SP2:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126036
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126036
    titleopenSUSE Security Update : libcroco (openSUSE-2019-1575)