cvelistv5 - CVE-2021-42260

CVE-2021-42260 (GCVE-0-2021-42260)

Vulnerability from cvelistv5

Published

2021-10-11 00:00

Modified

2025-11-04 18:14

Severity ?

CWE

Summary

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

opensuse-su-2021:3639-1

Vulnerability from csaf_opensuse

Published

2021-11-09 16:05

Modified

2021-11-09 16:05

Summary

Security update for tinyxml

Notes

Title of the patch

Security update for tinyxml

Description of the patch

This update for tinyxml fixes the following issues: - CVE-2021-42260: Fixed an infinite loop for inputs containing the sequence 0xEF0x00 (bsc#1191576)

Patchnames

openSUSE-SLE-15.3-2021-3639

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tinyxml",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tinyxml fixes the following issues:\n\n- CVE-2021-42260: Fixed an infinite loop for inputs containing the sequence 0xEF0x00 (bsc#1191576)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-SLE-15.3-2021-3639",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_3639-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:3639-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2MO2YQSAKB3PM3TWSYUR2JCZND3ENJVZ/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:3639-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2MO2YQSAKB3PM3TWSYUR2JCZND3ENJVZ/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191576",
        "url": "https://bugzilla.suse.com/1191576"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-42260 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-42260/"
      }
    ],
    "title": "Security update for tinyxml",
    "tracking": {
      "current_release_date": "2021-11-09T16:05:33Z",
      "generator": {
        "date": "2021-11-09T16:05:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:3639-1",
      "initial_release_date": "2021-11-09T16:05:33Z",
      "revision_history": [
        {
          "date": "2021-11-09T16:05:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-3.3.1.aarch64",
                "product": {
                  "name": "libtinyxml0-2.6.2-3.3.1.aarch64",
                  "product_id": "libtinyxml0-2.6.2-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-3.3.1.aarch64",
                "product": {
                  "name": "tinyxml-devel-2.6.2-3.3.1.aarch64",
                  "product_id": "tinyxml-devel-2.6.2-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-3.3.1.aarch64",
                "product": {
                  "name": "tinyxml-docs-2.6.2-3.3.1.aarch64",
                  "product_id": "tinyxml-docs-2.6.2-3.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-3.3.1.ppc64le",
                "product": {
                  "name": "libtinyxml0-2.6.2-3.3.1.ppc64le",
                  "product_id": "libtinyxml0-2.6.2-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-3.3.1.ppc64le",
                "product": {
                  "name": "tinyxml-devel-2.6.2-3.3.1.ppc64le",
                  "product_id": "tinyxml-devel-2.6.2-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-3.3.1.ppc64le",
                "product": {
                  "name": "tinyxml-docs-2.6.2-3.3.1.ppc64le",
                  "product_id": "tinyxml-docs-2.6.2-3.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-3.3.1.s390x",
                "product": {
                  "name": "libtinyxml0-2.6.2-3.3.1.s390x",
                  "product_id": "libtinyxml0-2.6.2-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-3.3.1.s390x",
                "product": {
                  "name": "tinyxml-devel-2.6.2-3.3.1.s390x",
                  "product_id": "tinyxml-devel-2.6.2-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-3.3.1.s390x",
                "product": {
                  "name": "tinyxml-docs-2.6.2-3.3.1.s390x",
                  "product_id": "tinyxml-docs-2.6.2-3.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-3.3.1.x86_64",
                "product": {
                  "name": "libtinyxml0-2.6.2-3.3.1.x86_64",
                  "product_id": "libtinyxml0-2.6.2-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-3.3.1.x86_64",
                "product": {
                  "name": "tinyxml-devel-2.6.2-3.3.1.x86_64",
                  "product_id": "tinyxml-devel-2.6.2-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-3.3.1.x86_64",
                "product": {
                  "name": "tinyxml-docs-2.6.2-3.3.1.x86_64",
                  "product_id": "tinyxml-docs-2.6.2-3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-3.3.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.aarch64"
        },
        "product_reference": "libtinyxml0-2.6.2-3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-3.3.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.ppc64le"
        },
        "product_reference": "libtinyxml0-2.6.2-3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-3.3.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.s390x"
        },
        "product_reference": "libtinyxml0-2.6.2-3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.x86_64"
        },
        "product_reference": "libtinyxml0-2.6.2-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-3.3.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.aarch64"
        },
        "product_reference": "tinyxml-devel-2.6.2-3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-3.3.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.ppc64le"
        },
        "product_reference": "tinyxml-devel-2.6.2-3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-3.3.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.s390x"
        },
        "product_reference": "tinyxml-devel-2.6.2-3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.x86_64"
        },
        "product_reference": "tinyxml-devel-2.6.2-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-3.3.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.aarch64"
        },
        "product_reference": "tinyxml-docs-2.6.2-3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-3.3.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.ppc64le"
        },
        "product_reference": "tinyxml-docs-2.6.2-3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-3.3.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.s390x"
        },
        "product_reference": "tinyxml-docs-2.6.2-3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.x86_64"
        },
        "product_reference": "tinyxml-docs-2.6.2-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-42260",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-42260"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.aarch64",
          "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.ppc64le",
          "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.s390x",
          "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.x86_64",
          "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.aarch64",
          "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.ppc64le",
          "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.s390x",
          "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.x86_64",
          "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.aarch64",
          "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.ppc64le",
          "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.s390x",
          "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-42260",
          "url": "https://www.suse.com/security/cve/CVE-2021-42260"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191576 for CVE-2021-42260",
          "url": "https://bugzilla.suse.com/1191576"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.aarch64",
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.ppc64le",
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.s390x",
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.x86_64",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.aarch64",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.ppc64le",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.s390x",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.x86_64",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.aarch64",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.ppc64le",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.s390x",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.aarch64",
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.ppc64le",
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.s390x",
            "openSUSE Leap 15.3:libtinyxml0-2.6.2-3.3.1.x86_64",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.aarch64",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.ppc64le",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.s390x",
            "openSUSE Leap 15.3:tinyxml-devel-2.6.2-3.3.1.x86_64",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.aarch64",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.ppc64le",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.s390x",
            "openSUSE Leap 15.3:tinyxml-docs-2.6.2-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-09T16:05:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-42260"
    }
  ]
}

opensuse-su-2024:13524-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

libtinyxml0-2.6.2-12.1 on GA media

Notes

Title of the patch

libtinyxml0-2.6.2-12.1 on GA media

Description of the patch

These are all security issues fixed in the libtinyxml0-2.6.2-12.1 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-13524

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libtinyxml0-2.6.2-12.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libtinyxml0-2.6.2-12.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-13524",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13524-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-42260 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-42260/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-34194 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-34194/"
      }
    ],
    "title": "libtinyxml0-2.6.2-12.1 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:13524-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-12.1.aarch64",
                "product": {
                  "name": "libtinyxml0-2.6.2-12.1.aarch64",
                  "product_id": "libtinyxml0-2.6.2-12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-12.1.aarch64",
                "product": {
                  "name": "tinyxml-devel-2.6.2-12.1.aarch64",
                  "product_id": "tinyxml-devel-2.6.2-12.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-12.1.aarch64",
                "product": {
                  "name": "tinyxml-docs-2.6.2-12.1.aarch64",
                  "product_id": "tinyxml-docs-2.6.2-12.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-12.1.ppc64le",
                "product": {
                  "name": "libtinyxml0-2.6.2-12.1.ppc64le",
                  "product_id": "libtinyxml0-2.6.2-12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-12.1.ppc64le",
                "product": {
                  "name": "tinyxml-devel-2.6.2-12.1.ppc64le",
                  "product_id": "tinyxml-devel-2.6.2-12.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-12.1.ppc64le",
                "product": {
                  "name": "tinyxml-docs-2.6.2-12.1.ppc64le",
                  "product_id": "tinyxml-docs-2.6.2-12.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-12.1.s390x",
                "product": {
                  "name": "libtinyxml0-2.6.2-12.1.s390x",
                  "product_id": "libtinyxml0-2.6.2-12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-12.1.s390x",
                "product": {
                  "name": "tinyxml-devel-2.6.2-12.1.s390x",
                  "product_id": "tinyxml-devel-2.6.2-12.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-12.1.s390x",
                "product": {
                  "name": "tinyxml-docs-2.6.2-12.1.s390x",
                  "product_id": "tinyxml-docs-2.6.2-12.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-12.1.x86_64",
                "product": {
                  "name": "libtinyxml0-2.6.2-12.1.x86_64",
                  "product_id": "libtinyxml0-2.6.2-12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-12.1.x86_64",
                "product": {
                  "name": "tinyxml-devel-2.6.2-12.1.x86_64",
                  "product_id": "tinyxml-devel-2.6.2-12.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-12.1.x86_64",
                "product": {
                  "name": "tinyxml-docs-2.6.2-12.1.x86_64",
                  "product_id": "tinyxml-docs-2.6.2-12.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-12.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64"
        },
        "product_reference": "libtinyxml0-2.6.2-12.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-12.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le"
        },
        "product_reference": "libtinyxml0-2.6.2-12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-12.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x"
        },
        "product_reference": "libtinyxml0-2.6.2-12.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-12.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64"
        },
        "product_reference": "libtinyxml0-2.6.2-12.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-12.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64"
        },
        "product_reference": "tinyxml-devel-2.6.2-12.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-12.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le"
        },
        "product_reference": "tinyxml-devel-2.6.2-12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-12.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x"
        },
        "product_reference": "tinyxml-devel-2.6.2-12.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-12.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64"
        },
        "product_reference": "tinyxml-devel-2.6.2-12.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-12.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64"
        },
        "product_reference": "tinyxml-docs-2.6.2-12.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-12.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le"
        },
        "product_reference": "tinyxml-docs-2.6.2-12.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-12.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x"
        },
        "product_reference": "tinyxml-docs-2.6.2-12.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-12.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
        },
        "product_reference": "tinyxml-docs-2.6.2-12.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-42260",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-42260"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-42260",
          "url": "https://www.suse.com/security/cve/CVE-2021-42260"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191576 for CVE-2021-42260",
          "url": "https://bugzilla.suse.com/1191576"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-42260"
    },
    {
      "cve": "CVE-2023-34194",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-34194"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
          "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
          "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
          "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-34194",
          "url": "https://www.suse.com/security/cve/CVE-2023-34194"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218040 for CVE-2023-34194",
          "url": "https://bugzilla.suse.com/1218040"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
            "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-34194"
    }
  ]
}

opensuse-su-2021:1474-1

Vulnerability from csaf_opensuse

Published

2021-11-15 09:06

Modified

2021-11-15 09:06

Summary

Security update for tinyxml

Notes

Title of the patch

Security update for tinyxml

Description of the patch

This update for tinyxml fixes the following issues: - CVE-2021-42260: Fixed an infinite loop for inputs containing the sequence 0xEF0x00 (bsc#1191576) This update was imported from the SUSE:SLE-15:Update update project.

Patchnames

openSUSE-2021-1474

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for tinyxml",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for tinyxml fixes the following issues:\n\n- CVE-2021-42260: Fixed an infinite loop for inputs containing the sequence 0xEF0x00 (bsc#1191576)\n\nThis update was imported from the SUSE:SLE-15:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-1474",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1474-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:1474-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2M3VLHPBVPXWEAQR5CPGGUOGBI3B2GJ/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:1474-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/F2M3VLHPBVPXWEAQR5CPGGUOGBI3B2GJ/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1191576",
        "url": "https://bugzilla.suse.com/1191576"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-42260 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-42260/"
      }
    ],
    "title": "Security update for tinyxml",
    "tracking": {
      "current_release_date": "2021-11-15T09:06:58Z",
      "generator": {
        "date": "2021-11-15T09:06:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:1474-1",
      "initial_release_date": "2021-11-15T09:06:58Z",
      "revision_history": [
        {
          "date": "2021-11-15T09:06:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtinyxml0-2.6.2-lp152.4.3.1.x86_64",
                "product": {
                  "name": "libtinyxml0-2.6.2-lp152.4.3.1.x86_64",
                  "product_id": "libtinyxml0-2.6.2-lp152.4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-devel-2.6.2-lp152.4.3.1.x86_64",
                "product": {
                  "name": "tinyxml-devel-2.6.2-lp152.4.3.1.x86_64",
                  "product_id": "tinyxml-devel-2.6.2-lp152.4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "tinyxml-docs-2.6.2-lp152.4.3.1.x86_64",
                "product": {
                  "name": "tinyxml-docs-2.6.2-lp152.4.3.1.x86_64",
                  "product_id": "tinyxml-docs-2.6.2-lp152.4.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtinyxml0-2.6.2-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libtinyxml0-2.6.2-lp152.4.3.1.x86_64"
        },
        "product_reference": "libtinyxml0-2.6.2-lp152.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-devel-2.6.2-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:tinyxml-devel-2.6.2-lp152.4.3.1.x86_64"
        },
        "product_reference": "tinyxml-devel-2.6.2-lp152.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "tinyxml-docs-2.6.2-lp152.4.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:tinyxml-docs-2.6.2-lp152.4.3.1.x86_64"
        },
        "product_reference": "tinyxml-docs-2.6.2-lp152.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-42260",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-42260"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libtinyxml0-2.6.2-lp152.4.3.1.x86_64",
          "openSUSE Leap 15.2:tinyxml-devel-2.6.2-lp152.4.3.1.x86_64",
          "openSUSE Leap 15.2:tinyxml-docs-2.6.2-lp152.4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-42260",
          "url": "https://www.suse.com/security/cve/CVE-2021-42260"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1191576 for CVE-2021-42260",
          "url": "https://bugzilla.suse.com/1191576"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libtinyxml0-2.6.2-lp152.4.3.1.x86_64",
            "openSUSE Leap 15.2:tinyxml-devel-2.6.2-lp152.4.3.1.x86_64",
            "openSUSE Leap 15.2:tinyxml-docs-2.6.2-lp152.4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libtinyxml0-2.6.2-lp152.4.3.1.x86_64",
            "openSUSE Leap 15.2:tinyxml-devel-2.6.2-lp152.4.3.1.x86_64",
            "openSUSE Leap 15.2:tinyxml-docs-2.6.2-lp152.4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-11-15T09:06:58Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-42260"
    }
  ]
}

fkie_cve-2021-42260

Vulnerability from fkie_nvd

Published

2021-10-11 20:15

Modified

2025-11-04 19:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html	Mailing List, Third Party Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/
cve@mitre.org	https://sourceforge.net/p/tinyxml/bugs/141/	Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/
af854a3a-2127-422b-91ae-364da2661108	https://sourceforge.net/p/tinyxml/bugs/141/	Exploit, Issue Tracking, Third Party Advisory

Impacted products

Vendor	Product	Version
tinyxml_project	tinyxml	*
tinyxml_project	tinyxml	2.3.0
tinyxml_project	tinyxml	2.3.1
debian	debian_linux	9.0
debian	debian_linux	10.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE02F0C-889F-497F-A9F2-9F3129145ED5",
              "versionEndIncluding": "2.6.2",
              "versionStartIncluding": "2.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tinyxml_project:tinyxml:2.3.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "A870DC76-AAB7-4571-A6EE-294FC0E4B919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tinyxml_project:tinyxml:2.3.1:beta:*:*:*:*:*:*",
              "matchCriteriaId": "DAE75FD3-7682-40A3-92EF-BE6EBF157691",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service."
    },
    {
      "lang": "es",
      "value": "TinyXML versiones hasta 2.6.2, presenta un bucle infinito en la funci\u00f3n TiXmlParsingData::Stamp en el archivo tinyxmlparser.cpp por medio del caso TIXML_UTF_LEAD_0. Puede ser activado por un mensaje XML dise\u00f1ado y conlleva una denegaci\u00f3n de servicio"
    }
  ],
  "id": "CVE-2021-42260",
  "lastModified": "2025-11-04T19:15:40.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-11T20:15:07.433",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/tinyxml/bugs/141/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://sourceforge.net/p/tinyxml/bugs/141/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2021-42260

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-42260

Aliases

CVE-2021-42260

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-42260",
    "description": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
    "id": "GSD-2021-42260",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-42260.html",
      "https://advisories.mageia.org/CVE-2021-42260.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-42260"
      ],
      "details": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
      "id": "GSD-2021-42260",
      "modified": "2023-12-13T01:23:06.446163Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-42260",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://sourceforge.net/p/tinyxml/bugs/141/",
            "refsource": "MISC",
            "url": "https://sourceforge.net/p/tinyxml/bugs/141/"
          },
          {
            "name": "[debian-lts-announce] 20220430 [SECURITY] [DLA 2988-1] tinyxml security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html"
          },
          {
            "name": "[debian-lts-announce] 20220930 [SECURITY] [DLA 3130-1] tinyxml security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html"
          },
          {
            "name": "FEDORA-2024-80e6578a01",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
          },
          {
            "name": "FEDORA-2024-c9dc0ac419",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9CE02F0C-889F-497F-A9F2-9F3129145ED5",
                    "versionEndIncluding": "2.6.2",
                    "versionStartIncluding": "2.3.2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:tinyxml_project:tinyxml:2.3.0:beta:*:*:*:*:*:*",
                    "matchCriteriaId": "A870DC76-AAB7-4571-A6EE-294FC0E4B919",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:tinyxml_project:tinyxml:2.3.1:beta:*:*:*:*:*:*",
                    "matchCriteriaId": "DAE75FD3-7682-40A3-92EF-BE6EBF157691",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service."
          },
          {
            "lang": "es",
            "value": "TinyXML versiones hasta 2.6.2, presenta un bucle infinito en la funci\u00f3n TiXmlParsingData::Stamp en el archivo tinyxmlparser.cpp por medio del caso TIXML_UTF_LEAD_0. Puede ser activado por un mensaje XML dise\u00f1ado y conlleva una denegaci\u00f3n de servicio"
          }
        ],
        "id": "CVE-2021-42260",
        "lastModified": "2024-01-12T03:15:08.540",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2021-10-11T20:15:07.433",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List",
              "Third Party Advisory"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit",
              "Issue Tracking",
              "Third Party Advisory"
            ],
            "url": "https://sourceforge.net/p/tinyxml/bugs/141/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-835"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ghsa-x43j-m68c-2qxf

Vulnerability from github

Published

2022-05-24 19:17

Modified

2025-11-04 21:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-42260"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-835"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-11T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
  "id": "GHSA-x43j-m68c-2qxf",
  "modified": "2025-11-04T21:30:26Z",
  "published": "2022-05-24T19:17:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42260"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/04/msg00019.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/tinyxml/bugs/141"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2021-101544

Vulnerability from cnvd

Title

TinyXML无限循环漏洞

Description

TinyXML是一个C++ XML解析器，可以很容易地集成到其他程序中。 TinyXML 2.6.2及更早版本中的tinyxmlparser.cpp中的TiXmlParsingData::Stamp存在无限循环漏洞。攻击者可通过特制XML消息利用该漏洞导致拒绝服务。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://sourceforge.net/projects/tinyxml/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-42260

Impacted products

Name
leethomason TinyXML <=2.6.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-42260",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-42260"
    }
  },
  "description": "TinyXML\u662f\u4e00\u4e2aC++ XML\u89e3\u6790\u5668\uff0c\u53ef\u4ee5\u5f88\u5bb9\u6613\u5730\u96c6\u6210\u5230\u5176\u4ed6\u7a0b\u5e8f\u4e2d\u3002\n\nTinyXML 2.6.2\u53ca\u66f4\u65e9\u7248\u672c\u4e2d\u7684tinyxmlparser.cpp\u4e2d\u7684TiXmlParsingData::Stamp\u5b58\u5728\u65e0\u9650\u5faa\u73af\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u7279\u5236XML\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://sourceforge.net/projects/tinyxml/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-101544",
  "openTime": "2021-12-21",
  "products": {
    "product": "leethomason TinyXML \u003c=2.6.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-42260",
  "serverity": "\u4e2d",
  "submitTime": "2021-10-12",
  "title": "TinyXML\u65e0\u9650\u5faa\u73af\u6f0f\u6d1e"
}

CERTFR-2022-AVI-1053

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Belden. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Belden	N/A	Hirschmann HiLCOS OpenBAT, WLC, BAT450, BAT867, BATone et BAT-Controller Virtual versions antérieures à 10.34-RU3 ou 10.12-RU10
	Belden	N/A	Hirschmann BAT-C2 versions antérieures à 09.13.01.00R04 (la version 09.12.01.00R01 corrige néanmoins les vulnérabilités critiques CVE-2021-21872, CVE-2021-21873, CVE-2021-21875, CVE-2021-21876, CVE-2021-21877, CVE-2021-21881, CVE-2021-21883, CVE-2021-21884, CVE-2021-21887, CVE-2021-21888, CVE-2021-21889, CVE-2021-21890, CVE-2021-21891, CVE-2021-21892 et CVE-2021-21894)

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-42260 (GCVE-0-2021-42260)

Vulnerability from cvelistv5

Vulnerability from csaf_opensuse

Vulnerability from csaf_opensuse

Vulnerability from csaf_opensuse

Vulnerability from fkie_nvd

Vulnerability from gsd

Vulnerability from github

Vulnerability from cnvd

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature