Lucene search

[email protected]CVE-2023-34411

HistoryJun 05, 2023 - 4:15 a.m.

CVE-2023-34411

2023-06-0504:15:11

CWE-611

[email protected]

web.nvd.nist.gov

cve-2023-34411

xml-rs

rust

crab

denial of service

panic

invalid token

nvd

security vulnerability

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.

Affected configurations

NVD

Node

xml_library_projectxml_libraryRange<0.8.14rust

CPENameOperatorVersion
xml_library_project:xml_libraryxml library project xml librarylt0.8.14

CPE	Name	Operator	Version
xml_library_project:xml_library	xml library project xml library	lt	0.8.14

References

github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f

github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c

github.com/netvl/xml-rs/compare/0.8.13...0.8.14

github.com/netvl/xml-rs/pull/226

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.2%

JSON

Related for CVE-2023-34411

cvelist1 nvd1 osv2 cbl_mariner1 github1 ubuntucve1 debiancve1 prion1