Astra Linux - уязвимость в netcdf

A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd performs incorrect memory handling during the parsing of crafted XML files, resulting in a one-byte constant being written beyond the bounds of the memory area...

Linux Distros Unpatched Vulnerability : CVE-2021-31347

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files writing...

Linux Distros Unpatched Vulnerability : CVE-2021-30485

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leadi...

SUSE CVE-2021-31348

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files out-of-bounds read after a certain strcspn failure...

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

CVE-2022-30045

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read...

Heap overflow

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read...

CVE-2022-30045

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read...

CVE-2022-30045

The CVE-2022-30045 issue affects ezXML 0.8.6 (libezxml.a) where ezxml_decode() mishandles memory while parsing crafted XML, causing a heap out-of-bounds read. The vulnerability is documented across multiple sources (NVD and various advisories). The provided materials do not specify a patch versio...

CVE-2021-31598

CVE-2021-31598 affects ezXML 0.8.6 (libezxml.a) and arises from incorrect memory handling in ezxml_decode() while parsing crafted XML files, causing a heap-based buffer overflow. The issue is consistently cited across multiple advisories (SUSE/OpenSUSE SUSE-SU-2021:3815/3804/3805, 3873-1, openSUS...

CVE-2021-31598

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmldecode performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow...

ezXML Out-of-Bounds Read Vulnerability

ezXML is a C library for parsing XML documents . An out-of-bounds read vulnerability exists in libezxml.a in ezXML version 0.8.6. The vulnerability stems from a memory handling error performed by the ezxmlparsestr function when parsing a specially crafted XML file. An attacker could exploit this...

CVE-2021-31348

CVE-2021-31348 affects ezXML 0.8.6 (libezxml.a); the flaw is in ezxml_parse_str() where improper memory handling during XML parsing leads to an out-of-bounds read after a strcspn failure. Connected advisories (SUSE/openSUSE) enumerate this CVE among multiple netcdf/ezXML issues and reference upda...

CVE-2021-31348

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files out-of-bounds read after a certain strcspn failure...

CVE-2021-31347

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling while parsing crafted XML files writing outside a memory region created by mmap...

CVE-2021-31347

CVE-2021-31347 affects ezXML/libezxml.a in ezXML 0.8.6. The flaw is in ezxml_parse_str(), which performs incorrect memory handling while parsing crafted XML files, writing outside a memory region created by mmap. This can lead to memory corruption (out-of-bounds write) as described across multipl...

CVE-2021-30485

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlinternaldtd, while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp on a NULL pointer...

CVE-2021-30485

CVE-2021-30485 affects ezXML 0.8.6 (libezxml.a). The issue is a NULL pointer dereference in ezxml_internal_dtd() during XML parsing, caused by memory handling that can lead to a NULL pointer being passed to strcmp(). The connected documents consistently reference this exact flaw in ezXML 0.8.6, i...