Thread: BUG #16793: Libxml2 contains a null pointer dereference flaw in xpath.c

BUG #16793: Libxml2 contains a null pointer dereference flaw in xpath.c

From

PG Bug reporting form

Date:

28 December 2020, 09:41:47

The following bug has been logged on the website:

Bug reference:      16793
Logged by:          Srinivas Gowda
Email address:      srinivasg@jfrog.com
PostgreSQL version: 12.5
Operating system:   docker image alpine
Description:

Libxml2 contains a null pointer dereference flaw in xpath.c that is
triggered when handling errors for xpointer expressions. this may allow a
context-dependent attacker to crash a process linked against the library.

Re: BUG #16793: Libxml2 contains a null pointer dereference flaw in xpath.c

From

Tom Lane

Date:

28 December 2020, 18:14:10

PG Bug reporting form <noreply@postgresql.org> writes:
> Libxml2 contains a null pointer dereference flaw in xpath.c that is
> triggered when handling errors for xpointer expressions. this may allow a
> context-dependent attacker to crash a process linked against the library.

Why are you reporting this here, and not to the libxml2 authors?
There's nothing we can do about it.

            regards, tom lane