Veracode Vulnerability Database: VERACODE:44759
History: Dec 20, 2023 - 7:42 a.m.

Denial Of Service (DoS)

2023-12-20 07:42:35
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: denial of service, libtinyxml.so, vulnerability, tinyxmlparser.cpp, crafted xml document, reachable assertion

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.6
Confidence: High

EPSS: 0.001
Percentile: 20.3%

libtinyxml.so is vulnerable to denial of service (DoS) because of a reachable assertion in tinyxmlparser.cpp. An attacker can potentially crash the application by supplying a crafted XML document in which a \0 (NUL) character is located after whitespace.
