Lucene search

MitreCVELIST:CVE-2023-34194

HistoryDec 13, 2023 - 12:00 a.m.

CVE-2023-34194

2023-12-1300:00:00

mitre

www.cve.org

cve-2023-34194

stringequal

tixmldeclaration

parse

tinyxmlparser.cpp

tinyxml

assertion

application exit

crafted xml document

whitespace

EPSS

0.001

Percentile

20.3%

JSON

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a ‘\0’ located after whitespace.

References

lists.debian.org/debian-lts-announce/2023/12/msg00024.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/

sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp

www.forescout.com/resources/sierra21-vulnerabilities

EPSS

0.001

Percentile

20.3%

JSON

Related for CVELIST:CVE-2023-34194