CVE-2023-34194 (GCVE-0-2023-34194)
Vulnerability from cvelistv5 – Published: 2023-12-13 00:00 – Updated: 2025-11-04 18:14
Summary
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
Severity
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:14:41.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
},
{
"name": "[debian-lts-announce] 20231230 [SECURITY] [DLA 3701-1] tinyxml security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"name": "FEDORA-2024-80e6578a01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
},
{
"name": "FEDORA-2024-c9dc0ac419",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T02:06:22.795Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
},
{
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
},
{
"name": "[debian-lts-announce] 20231230 [SECURITY] [DLA 3701-1] tinyxml security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"name": "FEDORA-2024-80e6578a01",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
},
{
"name": "FEDORA-2024-c9dc0ac419",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-34194",
"datePublished": "2023-12-13T00:00:00.000Z",
"dateReserved": "2023-05-30T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:14:41.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-34194\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2023-12-13T14:15:43.680\",\"lastModified\":\"2025-11-04T19:15:42.927\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\\\0\u0027 located after whitespace.\"},{\"lang\":\"es\",\"value\":\"StringEqual en TiXmlDeclaration::Parse en tinyxmlparser.cpp en TinyXML hasta 2.6.2 tiene una aserci\u00f3n accesible (y una salida de la aplicaci\u00f3n) a trav\u00e9s de un documento XML manipulado con un \u0027\\\\0\u0027 ubicado despu\u00e9s del espacio en blanco.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.2\",\"matchCriteriaId\":\"F15EC263-5CCC-47B7-BBEB-2F14AEBE8BEA\"}]}]}],\"references\":[{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/\",\"source\":\"cve@mitre.org\"},{\"url\"
:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.forescout.com/resources/sierra21-vulnerabilities\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://www.forescout.com/resources/sierra21-vulnerabilities\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
GHSA-H738-V27M-F6MW
Vulnerability from github – Published: 2023-12-13 15:30 – Updated: 2025-11-04 21:30
Details
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2023-34194"
],
"database_specific": {
"cwe_ids": [
"CWE-617"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-13T14:15:43Z",
"severity": "HIGH"
},
"details": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace.",
"id": "GHSA-h738-v27m-f6mw",
"modified": "2025-11-04T21:30:52Z",
"published": "2023-12-13T15:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34194"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
},
{
"type": "WEB",
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
SUSE-SU-2023:4958-1
Vulnerability from csaf_suse - Published: 2023-12-22 03:33 - Updated: 2023-12-22 03:33
Summary
Security update for tinyxml
Notes
Title of the patch
Security update for tinyxml
Description of the patch
This update for tinyxml fixes the following issues:
- CVE-2023-34194: Fixed reachable assertion may lead to denial of service (bsc#1218040).
Patchnames
SUSE-2023-4958,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4958,openSUSE-SLE-15.4-2023-4958,openSUSE-SLE-15.5-2023-4958
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for tinyxml",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for tinyxml fixes the following issues:\n\n- CVE-2023-34194: Fixed reachable assertion may lead to denial of service (bsc#1218040).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-4958,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4958,openSUSE-SLE-15.4-2023-4958,openSUSE-SLE-15.5-2023-4958",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4958-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:4958-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234958-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:4958-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017526.html"
},
{
"category": "self",
"summary": "SUSE Bug 1218040",
"url": "https://bugzilla.suse.com/1218040"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34194 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34194/"
}
],
"title": "Security update for tinyxml",
"tracking": {
"current_release_date": "2023-12-22T03:33:34Z",
"generator": {
"date": "2023-12-22T03:33:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:4958-1",
"initial_release_date": "2023-12-22T03:33:34Z",
"revision_history": [
{
"date": "2023-12-22T03:33:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"product": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"product_id": "libtinyxml0-2.6.2-150000.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"product": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"product_id": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"product": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"product_id": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-150000.3.6.1.i586",
"product": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.i586",
"product_id": "libtinyxml0-2.6.2-150000.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-150000.3.6.1.i586",
"product": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.i586",
"product_id": "tinyxml-devel-2.6.2-150000.3.6.1.i586"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-150000.3.6.1.i586",
"product": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.i586",
"product_id": "tinyxml-docs-2.6.2-150000.3.6.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"product": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"product_id": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"product": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"product_id": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"product": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"product_id": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-150000.3.6.1.s390x",
"product": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.s390x",
"product_id": "libtinyxml0-2.6.2-150000.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"product": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"product_id": "tinyxml-devel-2.6.2-150000.3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"product": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"product_id": "tinyxml-docs-2.6.2-150000.3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"product": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"product_id": "libtinyxml0-2.6.2-150000.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"product": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"product_id": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"product": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"product_id": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.s390x as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64 as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-150000.3.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.s390x as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.s390x"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64 as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64"
},
"product_reference": "tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-34194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34194"
}
],
"notes": [
{
"category": "general",
"text": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34194",
"url": "https://www.suse.com/security/cve/CVE-2023-34194"
},
{
"category": "external",
"summary": "SUSE Bug 1218040 for CVE-2023-34194",
"url": "https://bugzilla.suse.com/1218040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.4:tinyxml-docs-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:libtinyxml0-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:tinyxml-devel-2.6.2-150000.3.6.1.x86_64",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.aarch64",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.ppc64le",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.s390x",
"openSUSE Leap 15.5:tinyxml-docs-2.6.2-150000.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-12-22T03:33:34Z",
"details": "moderate"
}
],
"title": "CVE-2023-34194"
}
]
}
CVE-2023-34194
Vulnerability from fstec - Published: 06.12.2023
Title
Vulnerability in the TiXmlDeclaration::Parse() function of the tinyxmlparser.cpp component of the TinyXML XML parser, allowing an attacker to cause a denial of service
Description
The vulnerability in the TiXmlDeclaration::Parse() function of the tinyxmlparser.cpp component of the TinyXML XML parser is related to the use of the assert() statement when processing a 0 character located after a space. Exploitation of the vulnerability may allow a remote attacker to cause a denial of service
Vendor
Novell Inc., ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», АО «НТЦ ИТ РОСА», Lee Thomason, АО "НППКТ"
Software Name
OpenSUSE Leap, openSUSE Tumbleweed, РЕД ОС (entry No. 3751 in the Unified Register of Russian Software), Astra Linux Special Edition (entry No. 369 in the Unified Register of Russian Software), Альт 8 СП (entry No. 4305 in the Unified Register of Russian Software), SUSE Linux Enterprise Module for Package Hub, Astra Linux Common Edition (entry No. 4433 in the Unified Register of Russian Software), РОСА ХРОМ (entry No. 1607 in the Unified Register of Russian Software), TinyXML, ОСОН ОСнова Оnyx (entry No. 5913 in the Unified Register of Russian Software)
Software Version
15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), - (Альт 8 СП), 4.7 (Astra Linux Special Edition), 15 SP4 (SUSE Linux Enterprise Module for Package Hub), 1.6 «Смоленск» (Astra Linux Common Edition), 12.4 (РОСА ХРОМ), 15 SP5 (SUSE Linux Enterprise Module for Package Hub), up to and including 2.6.2 (TinyXML), up to 2.10 (ОСОН ОСнова Оnyx)
Possible Mitigations
Follow the recommendations:
Because the TinyXML software product has reached end of life, the vendor recommends migrating to TinyXML-2:
https://github.com/leethomason/tinyxml2
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2023-34194.html
For РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Compensating measures:
- use of firewalls and intrusion detection and prevention systems (IDS/IPS);
- restricting the download of files from untrusted sources.
For ОСОН ОСнова Оnyx (version 2.10):
Update the tinyxml software to version 2.6.2-4+deb10u2
For Astra Linux OS:
update the tinyxml package to 2.6.2-4+deb10u2 or a later version, following the vendor's recommendations: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
For Astra Linux Special Edition 4.7 for the ARM architecture:
update the tinyxml package to 2.6.2-4+deb10u2 or a later version, following the vendor's recommendations: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
For the РОСА ХРОМ operating system: https://abf.rosa.ru/advisories/ROSA-SA-2024-2546
For Альт 8 СП OS: install the update from the software's public repository: https://altsp.su/obnovleniya-bezopasnosti/
For Astra Linux OS:
update the tinyxml package to 2.6.2-4+deb9u2 or a later version, following the vendor's recommendations: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16
Reference
https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp
https://www.forescout.com/resources/sierra21-vulnerabilities
https://www.suse.com/security/cve/CVE-2023-34194.html
https://bugzilla.redhat.com/show_bug.cgi?id=2254376
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.10/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47
https://abf.rosa.ru/advisories/ROSA-SA-2024-2546
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16
CWE
CWE-617
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, Lee Thomason, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 15.4 (OpenSUSE Leap), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 4.7 (Astra Linux Special Edition), 15 SP4 (SUSE Linux Enterprise Module for Package Hub), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), 15 SP5 (SUSE Linux Enterprise Module for Package Hub), \u0434\u043e 2.6.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (TinyXML), \u0434\u043e 2.10 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u043e\u043a\u043e\u043d\u0447\u0430\u043d\u0438\u0435\u043c \u0436\u0438\u0437\u043d\u0435\u043d\u043d\u043e\u0433\u043e \u0446\u0438\u043a\u043b\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 TinyXML, \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043f\u0435\u0440\u0435\u0439\u0442\u0438 \u043d\u0430 TinyXML-2:\nhttps://github.com/leethomason/tinyxml2\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2023-34194.html\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 (IDS/IPS);\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 
\u0444\u0430\u0439\u043b\u043e\u0432 \u0438\u0437 \u043d\u0435\u0434\u043e\u0441\u0442\u043e\u0432\u0435\u0440\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.10):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f tinyxml \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.6.2-4+deb10u2\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 tinyxml \u0434\u043e 2.6.2-4+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 tinyxml \u0434\u043e 2.6.2-4+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b 
\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2546\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 tinyxml \u0434\u043e 2.6.2-4+deb9u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.12.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "02.01.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-00003",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-34194",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, openSUSE Tumbleweed, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), SUSE Linux Enterprise Module for Package Hub, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), TinyXML, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.5 , Novell Inc. openSUSE Tumbleweed - , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Novell Inc. 
OpenSUSE Leap 15.4 , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.10 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 TiXmlDeclaration::Parse() \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 tinyxmlparser.cpp XML-\u043f\u0430\u0440\u0441\u0435\u0440\u0430 TinyXML, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0414\u043e\u0441\u0442\u0443\u043f\u043d\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f assert() (CWE-617)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 TiXmlDeclaration::Parse() \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 tinyxmlparser.cpp XML-\u043f\u0430\u0440\u0441\u0435\u0440\u0430 TinyXML \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430 assert() \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 0, \u0440\u0430\u0441\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0441\u043b\u0435 \u043f\u0440\u043e\u0431\u0435\u043b\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0417\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u0435\u043d\u0438\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u043e\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp\nhttps://www.forescout.com/resources/sierra21-vulnerabilities\nhttps://www.suse.com/security/cve/CVE-2023-34194.html\nhttps://bugzilla.redhat.com/show_bug.cgi?id=2254376\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.10/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0830SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2546\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-617",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
FKIE_CVE-2023-34194
Vulnerability from fkie_nvd - Published: 2023-12-13 14:15 - Updated: 2025-11-04 19:15
Summary
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| tinyxml_project | tinyxml | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F15EC263-5CCC-47B7-BBEB-2F14AEBE8BEA",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace."
},
{
"lang": "es",
"value": "StringEqual en TiXmlDeclaration::Parse en tinyxmlparser.cpp en TinyXML hasta 2.6.2 tiene una aserci\u00f3n accesible (y una salida de la aplicaci\u00f3n) a trav\u00e9s de un documento XML manipulado con un \u0027\\0\u0027 ubicado despu\u00e9s del espacio en blanco."
}
],
"id": "CVE-2023-34194",
"lastModified": "2025-11-04T19:15:42.927",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T14:15:43.680",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
OPENSUSE-SU-2024:13524-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00
Summary
libtinyxml0-2.6.2-12.1 on GA media
Notes
Title of the patch
libtinyxml0-2.6.2-12.1 on GA media
Description of the patch
These are all security issues fixed in the libtinyxml0-2.6.2-12.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13524
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libtinyxml0-2.6.2-12.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libtinyxml0-2.6.2-12.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13524",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13524-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-42260 page",
"url": "https://www.suse.com/security/cve/CVE-2021-42260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-34194 page",
"url": "https://www.suse.com/security/cve/CVE-2023-34194/"
}
],
"title": "libtinyxml0-2.6.2-12.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13524-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-12.1.aarch64",
"product": {
"name": "libtinyxml0-2.6.2-12.1.aarch64",
"product_id": "libtinyxml0-2.6.2-12.1.aarch64"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-12.1.aarch64",
"product": {
"name": "tinyxml-devel-2.6.2-12.1.aarch64",
"product_id": "tinyxml-devel-2.6.2-12.1.aarch64"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-12.1.aarch64",
"product": {
"name": "tinyxml-docs-2.6.2-12.1.aarch64",
"product_id": "tinyxml-docs-2.6.2-12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-12.1.ppc64le",
"product": {
"name": "libtinyxml0-2.6.2-12.1.ppc64le",
"product_id": "libtinyxml0-2.6.2-12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-12.1.ppc64le",
"product": {
"name": "tinyxml-devel-2.6.2-12.1.ppc64le",
"product_id": "tinyxml-devel-2.6.2-12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-12.1.ppc64le",
"product": {
"name": "tinyxml-docs-2.6.2-12.1.ppc64le",
"product_id": "tinyxml-docs-2.6.2-12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-12.1.s390x",
"product": {
"name": "libtinyxml0-2.6.2-12.1.s390x",
"product_id": "libtinyxml0-2.6.2-12.1.s390x"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-12.1.s390x",
"product": {
"name": "tinyxml-devel-2.6.2-12.1.s390x",
"product_id": "tinyxml-devel-2.6.2-12.1.s390x"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-12.1.s390x",
"product": {
"name": "tinyxml-docs-2.6.2-12.1.s390x",
"product_id": "tinyxml-docs-2.6.2-12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libtinyxml0-2.6.2-12.1.x86_64",
"product": {
"name": "libtinyxml0-2.6.2-12.1.x86_64",
"product_id": "libtinyxml0-2.6.2-12.1.x86_64"
}
},
{
"category": "product_version",
"name": "tinyxml-devel-2.6.2-12.1.x86_64",
"product": {
"name": "tinyxml-devel-2.6.2-12.1.x86_64",
"product_id": "tinyxml-devel-2.6.2-12.1.x86_64"
}
},
{
"category": "product_version",
"name": "tinyxml-docs-2.6.2-12.1.x86_64",
"product": {
"name": "tinyxml-docs-2.6.2-12.1.x86_64",
"product_id": "tinyxml-docs-2.6.2-12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-12.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64"
},
"product_reference": "libtinyxml0-2.6.2-12.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-12.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le"
},
"product_reference": "libtinyxml0-2.6.2-12.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-12.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x"
},
"product_reference": "libtinyxml0-2.6.2-12.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libtinyxml0-2.6.2-12.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64"
},
"product_reference": "libtinyxml0-2.6.2-12.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-12.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64"
},
"product_reference": "tinyxml-devel-2.6.2-12.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-12.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le"
},
"product_reference": "tinyxml-devel-2.6.2-12.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-12.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x"
},
"product_reference": "tinyxml-devel-2.6.2-12.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-devel-2.6.2-12.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64"
},
"product_reference": "tinyxml-devel-2.6.2-12.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-12.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64"
},
"product_reference": "tinyxml-docs-2.6.2-12.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-12.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le"
},
"product_reference": "tinyxml-docs-2.6.2-12.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-12.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x"
},
"product_reference": "tinyxml-docs-2.6.2-12.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tinyxml-docs-2.6.2-12.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
},
"product_reference": "tinyxml-docs-2.6.2-12.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-42260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-42260"
}
],
"notes": [
{
"category": "general",
"text": "TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-42260",
"url": "https://www.suse.com/security/cve/CVE-2021-42260"
},
{
"category": "external",
"summary": "SUSE Bug 1191576 for CVE-2021-42260",
"url": "https://bugzilla.suse.com/1191576"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-42260"
},
{
"cve": "CVE-2023-34194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-34194"
}
],
"notes": [
{
"category": "general",
"text": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-34194",
"url": "https://www.suse.com/security/cve/CVE-2023-34194"
},
{
"category": "external",
"summary": "SUSE Bug 1218040 for CVE-2023-34194",
"url": "https://bugzilla.suse.com/1218040"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:libtinyxml0-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-devel-2.6.2-12.1.x86_64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.aarch64",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.ppc64le",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.s390x",
"openSUSE Tumbleweed:tinyxml-docs-2.6.2-12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-34194"
}
]
}
GSD-2023-34194
Vulnerability from gsd - Updated: 2023-12-13 01:20
Details
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
Aliases
{
"GSD": {
"alias": "CVE-2023-34194",
"id": "GSD-2023-34194"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-34194"
],
"details": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace.",
"id": "GSD-2023-34194",
"modified": "2023-12-13T01:20:30.483925Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-34194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp",
"refsource": "MISC",
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
},
{
"name": "https://www.forescout.com/resources/sierra21-vulnerabilities",
"refsource": "MISC",
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
},
{
"name": "[debian-lts-announce] 20231230 [SECURITY] [DLA 3701-1] tinyxml security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"name": "FEDORA-2024-80e6578a01",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
},
{
"name": "FEDORA-2024-c9dc0ac419",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tinyxml_project:tinyxml:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F15EC263-5CCC-47B7-BBEB-2F14AEBE8BEA",
"versionEndIncluding": "2.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a \u0027\\0\u0027 located after whitespace."
},
{
"lang": "es",
"value": "StringEqual en TiXmlDeclaration::Parse en tinyxmlparser.cpp en TinyXML hasta 2.6.2 tiene una aserci\u00f3n accesible (y una salida de la aplicaci\u00f3n) a trav\u00e9s de un documento XML manipulado con un \u0027\\0\u0027 ubicado despu\u00e9s del espacio en blanco."
}
],
"id": "CVE-2023-34194",
"lastModified": "2024-01-12T03:15:08.950",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-13T14:15:43.680",
"references": [
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00024.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cpp"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.forescout.com/resources/sierra21-vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.