Lucene search

Alpine Linux Development TeamALPINE:CVE-2023-34194

HistoryDec 13, 2023 - 2:15 p.m.

CVE-2023-34194

2023-12-1314:15:43

Alpine Linux Development Team

security.alpinelinux.org

tinyxml

cve-2023-34194

stringequal

tixmldeclaration

parse

tinyxmlparser.cpp

vulnerability

assertion

application exit

crafted xml

whitespace

unix

7.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.2%

JSON

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a ‘\0’ located after whitespace.

OSVersionArchitecturePackageVersionFilename
Alpine3.19-communitynoarchtinyxml= 2.6.2-r2UNKNOWN
Alpineedge-communitynoarchtinyxml= 2.6.2-r3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	3.19-community	noarch	tinyxml	= 2.6.2-r2	UNKNOWN
Alpine	edge-community	noarch	tinyxml	= 2.6.2-r3	UNKNOWN