ALT Linux Team

Branch c9f2 update on 2025-03-14

2025-03-14

ALT-BU-2025-4238-1

Branch c9f2 update bulletin.

ALT-PU-2025-4081-3

Package tinyxml updated to version 2.6.2-alt2 for branch c9f2 in task 377637.

Closed vulnerabilities

Published: 2021-09-14

BDU:2022-06895

Уязвимость функции TiXmlParsingData::Stamp компонента tinyxmlparser.cpp XML-парсера TinyXML, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-12-06

BDU:2024-00003

Уязвимость функции TiXmlDeclaration::Parse() компонента tinyxmlparser.cpp XML-парсера TinyXML, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2021-10-11
Modified: 2024-11-21

CVE-2021-42260

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2023-12-13
Modified: 2024-11-21

CVE-2023-34194

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top