CVE-2018-20593

Опубликовано: 30 дек. 2018

Источник: debian

EPSS Низкий

Описание

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.

Пакет	Статус	Версия исправления	Релиз	Тип
mxml	fixed	3.0-1		package
mxml	ignored		buster	package
mxml	ignored		stretch	package
mxml	no-dsa		jessie	package

https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2971_1.txt.err (error output)
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt
https://github.com/ntu-sec/pocs/blob/master/mxml-53c75b0/crashes/so_mxmldoc.c:2987_1.txt.err (error output)
https://github.com/michaelrsweet/mxml/issues/237
upstream tagged the issue with 'wontfix' and removed mxmldoc code completely in 3.0, marking that version as fix

EPSS

Процентиль: 46%

0.00237

Низкий

CVE-2018-20593

CVSS3: 5.5

ubuntu

около 7 лет назад

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.

CVE-2018-20593

CVSS3: 5.5

nvd

около 7 лет назад

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.

GHSA-q449-7g73-x9hf

CVSS3: 5.5

github

больше 3 лет назад

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.

EPSS

Процентиль: 46%

0.00237

Низкий