A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification
References
Link | Resource |
---|---|
https://github.com/michaelrsweet/mxml/issues/286 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
Summary | A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification |
07 Jun 2022, 16:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:mini-xml_project:mini-xml:3.2:*:*:*:*:*:*:* | |
CWE | CWE-772 | |
First Time |
Mini-xml Project
Mini-xml Project mini-xml |
|
References | (MISC) https://github.com/michaelrsweet/mxml/issues/286 - Exploit, Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
02 Jun 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
Summary | ** DISPUTED ** A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification. |
26 May 2022, 12:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-05-26 12:15
Updated : 2024-04-11 01:13
NVD link : CVE-2021-42860
Mitre link : CVE-2021-42860
CVE.ORG link : CVE-2021-42860
JSON object : View
Products Affected
mini-xml_project
- mini-xml
CWE
CWE-772
Missing Release of Resource after Effective Lifetime