CVE-2021-28040

2021-03-0518:15:13

Google

osv.dev

ossec

recursion vulnerability

xml tags

segmentation fault

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

40.6%

JSON

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.

References

github.com/ossec/ossec-hids/issues/1953