Lucene search
GoogleOSV:CVE-2018-20592HistoryDec 30, 2018 - 6:29 p.m.
CVE-2018-20592
2018-12-3018:29:00
Google
osv.dev
9
In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
References
github.com/michaelrsweet/mxml/issues/237
github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_1.txt.err
github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/uaf_mxml-node.c:128_2.txt.err
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RNWF6BAU7S42O4LE4B74KIMHFE2HDNMI/
Related
cvelist
cvelist
CVE-2018-20592
2018-12-30 18:00:00
prion
prion
Design/Logic Flaw
2018-12-30 18:29:00
debiancve
debiancve
CVE-2018-20592
2018-12-30 18:29:00
nvd
nvd
CVE-2018-20592
2018-12-30 18:29:00
cve
cve
CVE-2018-20592
2018-12-30 18:29:00
ubuntucve
ubuntucve
CVE-2018-20592
2018-12-30 00:00:00
nessus
nessus
Fedora 30 : mxml (2019-4182dd32eb)
2019-05-02 00:00:00
Fedora 28 : mxml (2019-d333d01e08)
2019-03-25 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: mxml-3.0-1.fc30
2019-03-29 19:37:51
[SECURITY] Fedora 29 Update: mxml-3.0-1.fc29
2019-03-29 21:03:57
[SECURITY] Fedora 28 Update: mxml-3.0-1.fc28
2019-03-25 05:29:35
mageia
mageia
Updated mxml packages fix security vulnerabilities
2019-05-12 12:35:33
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0159)
2022-01-28 00:00:00
Fedora Update for mxml FEDORA-2019-f99619e34d
2019-05-07 00:00:00
Fedora Update for mxml FEDORA-2019-d333d01e08
2019-03-28 00:00:00