Описание
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mapcache | unfixed | package | ||
| scilab | fixed | 2024.1.0+dfsg1-1 | package | |
| netcdf | fixed | 1:4.9.0-1 | package | |
| netcdf | ignored | bullseye | package | |
| netcdf | ignored | buster | package | |
| netcdf | not-affected | stretch | package | |
| netcdf-parallel | fixed | 1:4.9.0-1 | package | |
| netcdf-parallel | ignored | bullseye | package | |
| netcdf-parallel | ignored | buster | package |
Примечания
https://sourceforge.net/p/ezxml/bugs/20/
mapcache only uses ezxml to parse config files which are trusted
Связанные уязвимости
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
Уязвимость функции ezxml_ent_ok библиотеки для синтаксического анализа XML-документов ezXML, позволяющая нарушителю вызвать отказ в обслуживании
