Bug 2253716 (CVE-2021-42260) - CVE-2021-42260 tinyxml: infinite loop causes crash
Summary: CVE-2021-42260 tinyxml: infinite loop causes crash
Status: NEW
Alias: CVE-2021-42260
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Product Security
QA Contact:
Depends On: 2253717 2253718
TreeView+ depends on / blocked
Reported: 2023-12-09 00:37 UTC by Nick Tait
Modified: 2023-12-09 00:37 UTC (History)
0 users

Fixed In Version: tinyxml 2.6.2
Doc Type: ---
Doc Text:
A vulnerability was discovered in the TinyXML package, specifically the tinyxmlparser module. A crafted XML message could cause a crash and therefore an opportunity for a denial of service attack.
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Nick Tait 2023-12-09 00:37:10 UTC
From the description on MITRE's CVE page:
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

Comment 1 Nick Tait 2023-12-09 00:37:35 UTC
Created tinyxml tracking bugs for this issue:

Affects: epel-all [bug 2253717]
Affects: fedora-all [bug 2253718]

Note You need to log in before you can comment on or make changes to this bug.