CVE-2021-31348

EUVD-2021-18258
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.5 MEDIUM | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
EPSS Score: percentile 74%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| ezxml_project | ezxml | 0.8.6 |
| debian | debian_linux | 9.0 |
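Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| mapcache | bookworm | | unimportant |
| mapcache | bullseye | | ignored |
| mapcache | buster | | ignored |
| mapcache | sid | | unimportant |
| mapcache | stretch | | not-affected |
| mapcache | trixie | | unimportant |
| netcdf | bookworm | 1:4.9.0-3 | fixed |
| netcdf | bullseye | | ignored |
| netcdf | buster | | ignored |
| netcdf | sid | 1:4.9.2-7 | fixed |
| netcdf | stretch | | not-affected |
| netcdf | trixie | 1:4.9.2-7 | fixed |
| netcdf-parallel | bookworm | 1:4.9.0-1 | fixed |
| netcdf-parallel | bullseye | | ignored |
| netcdf-parallel | buster | | ignored |
| netcdf-parallel | sid | 1:4.9.0-4 | fixed |
| netcdf-parallel | stretch | | not-affected |
| netcdf-parallel | trixie | 1:4.9.0-4 | fixed |
| scilab | bookworm | | unimportant |
| scilab | bullseye | | ignored |
| scilab | buster | | ignored |
| scilab | sid | | unimportant |
| scilab | stretch | | not-affected |
| scilab | trixie | | unimportant |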
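Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| mapcache | bionic | needed |
| mapcache | focal | needed |
| mapcache | groovy | ignored |
| mapcache | hirsute | ignored |
| mapcache | impish | ignored |
| mapcache | jammy | needed |
| mapcache | kinetic | ignored |
| mapcache | lunar | ignored |
| mapcache | mantic | ignored |
| mapcache | noble | needed |
| mapcache | trusty | dne |
| mapcache | xenial | needs-triage |
| netcdf | bionic | needed |
| netcdf | focal | needed |
| netcdf | groovy | ignored |
| netcdf | hirsute | ignored |
| netcdf | impish | ignored |
| netcdf | jammy | needed |
| netcdf | kinetic | ignored |
| netcdf | lunar | ignored |
| netcdf | mantic | ignored |
| netcdf | noble | needed |
| netcdf | trusty | needs-triage |
| netcdf | xenial | needs-triage |
| netcdf-parallel | bionic | dne |
| netcdf-parallel | focal | needed |
| netcdf-parallel | groovy | ignored |
| netcdf-parallel | hirsute | ignored |
| netcdf-parallel | impish | ignored |
| netcdf-parallel | jammy | needed |
| netcdf-parallel | kinetic | ignored |
| netcdf-parallel | lunar | ignored |
| netcdf-parallel | mantic | ignored |
| netcdf-parallel | noble | needed |
| netcdf-parallel | trusty | dne |
| netcdf-parallel | xenial | ignored |
| scilab | bionic | needed |
| scilab | focal | needed |
| scilab | groovy | ignored |
| scilab | hirsute | ignored |
| scilab | impish | ignored |
| scilab | jammy | needed |
| scilab | kinetic | ignored |
| scilab | lunar | ignored |
| scilab | mantic | ignored |
| scilab | noble | needed |
| scilab | trusty | dne |
| scilab | xenial | needs-triage |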