ID CVE-2018-20004
Summary An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
References
Vulnerable Configurations
  • cpe:2.3:a:mini-xml_project:mini-xml:2.12:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
fedora
  • FEDORA-2019-d333d01e08
  • FEDORA-2019-f99619e34d
misc
mlist [debian-lts-announce] 20190125 [SECURITY] [DLA 1641-1] mxml security update
Last major update 24-08-2020 - 17:37
Published 10-12-2018 - 06:29
Last modified 24-08-2020 - 17:37