Bug 2253716 (CVE-2021-42260)

Summary: CVE-2021-42260 tinyxml: infinite loop causes crash
Product: [Other] Security Response Reporter: Nick Tait <ntait>
Component: vulnerabilityAssignee: Product Security <prodsec-ir-bot>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: tinyxml 2.6.2 Doc Type: ---
Doc Text:
A vulnerability was discovered in the TinyXML package, specifically the tinyxmlparser module. A crafted XML message could cause a crash and therefore an opportunity for a denial of service attack.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2253717, 2253718    
Bug Blocks:    

Description Nick Tait 2023-12-09 00:37:10 UTC 
From the description on MITRE's CVE page:
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
Comment 1 Nick Tait 2023-12-09 00:37:35 UTC 
Created tinyxml tracking bugs for this issue:

Affects: epel-all [bug 2253717]
Affects: fedora-all [bug 2253718]