CVE-2021-42260

Upstream information

CVE-2021-42260 at MITRE

Description

TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having low severity.

SUSE Bugzilla entry: 1191576 [IN_PROGRESS]

SUSE Security Advisories:

openSUSE-SU-2021:1474-1, published Mon Nov 15 15:50:11 2021
openSUSE-SU-2021:3639-1, published Wed Nov 10 00:41:20 2021

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Leap 15.2	`libtinyxml0 >= 2.6.2-lp152.4.3.1` `tinyxml-devel >= 2.6.2-lp152.4.3.1` `tinyxml-docs >= 2.6.2-lp152.4.3.1`	Patchnames: openSUSE-2021-1474
openSUSE Leap 15.3	`libtinyxml0 >= 2.6.2-3.3.1` `tinyxml-devel >= 2.6.2-3.3.1` `tinyxml-docs >= 2.6.2-3.3.1`	Patchnames: openSUSE-SLE-15.3-2021-3639

CVE-2021-42260

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

SUSE Linux Enterprise

SUSE Rancher

Solutions

Industries

Support

Services

Resources

Partners

Communities

About