CVE-2023-34194

CVE-2023-34194

Name

CVE-2023-34194

Description

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
cve@mitre.org	https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp
cve@mitre.org	https://www.forescout.com/resources/sierra21-vulnerabilities
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/

Type

URI

cve@mitre.org

https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp

cve@mitre.org

https://www.forescout.com/resources/sierra21-vulnerabilities

cve@mitre.org

https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/

af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:tinyxml_project:tinyxml::::::::`	tinyxml	>= None	<= 2.6.2

CPE URI

Source package

Min version

Max version

cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*

tinyxml

>= None

<= 2.6.2

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
tinyxml	edge-community	2.6.2-r6	Achill Gilgenast <achill@achill.org>	fixed
tinyxml	edge-community	2.6.2-r5	fossdd <fossdd@pwned.life>	fixed
tinyxml	edge-community	2.6.2-r4	None	fixed
tinyxml	edge-community	2.6.2-r3	None	possibly vulnerable
tinyxml	edge-community	2.6.2-r2	None	possibly vulnerable
tinyxml	3.23-community	2.6.2-r6	Achill Gilgenast <achill@achill.org>	fixed
tinyxml	3.22-community	2.6.2-r5	fossdd <fossdd@pwned.life>	fixed
tinyxml	3.22-community	2.6.2-r4	None	fixed
tinyxml	3.22-community	2.6.2-r2	None	possibly vulnerable
tinyxml	3.21-community	2.6.2-r4	None	fixed
tinyxml	3.20-community	2.6.2-r4	None	fixed
tinyxml	3.20-community	2.6.2-r3	None	possibly vulnerable
tinyxml	3.19-community	2.6.2-r2	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

tinyxml

edge-community

2.6.2-r6

Achill Gilgenast <achill@achill.org>

fixed

tinyxml

edge-community