Lucene search

MitreCVE-2023-34194

HistoryDec 13, 2023 - 2:15 p.m.

CVE-2023-34194

2023-12-1314:15:43

CWE-617

mitre

web.nvd.nist.gov

nvd

cve

tinyxml

tixmldeclaration

parse

tinyxmlparser.cpp

stringequal

xml

security

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

20.3%

JSON

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a ‘\0’ located after whitespace.

Affected configurations

Nvd

Node

tinyxml_projecttinyxmlRange≤2.6.2

VendorProductVersionCPE
tinyxml_projecttinyxml*cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tinyxml_project	tinyxml	*	cpe:2.3:a:tinyxml_project:tinyxml::::::::

References

lists.debian.org/debian-lts-announce/2023/12/msg00024.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/

sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp

www.forescout.com/resources/sierra21-vulnerabilities

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

20.3%

JSON

Related for CVE-2023-34194