CVE-2023-34194

NameCVE-2023-34194
DescriptionStringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-3701-1, ELA-1029-1
Debian Bugs1059315

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
tinyxml (PTS)jessie, jessie (lts)2.6.2-2+deb8u2fixed
stretch (security)2.6.2-4+deb9u1vulnerable
stretch (lts), stretch2.6.2-4+deb9u2fixed
buster (security), buster, buster (lts)2.6.2-4+deb10u2fixed
bullseye2.6.2-4+deb11u2fixed
bookworm2.6.2-6+deb12u1fixed
sid, trixie2.6.2-7fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tinyxmlsourcejessie2.6.2-2+deb8u2ELA-1029-1
tinyxmlsourcestretch2.6.2-4+deb9u2ELA-1029-1
tinyxmlsourcebuster2.6.2-4+deb10u2DLA-3701-1
tinyxmlsourcebullseye2.6.2-4+deb11u2
tinyxmlsourcebookworm2.6.2-6+deb12u1
tinyxmlsource(unstable)2.6.2-6.11059315

Notes

https://www.forescout.com/resources/sierra21-vulnerabilities
Debian (non upstream) patch: https://salsa.debian.org/debian/tinyxml/-/raw/2366e1f23d059d4c20c43c54176b6bd78d6a83fc/debian/patches/CVE-2023-34194.patch

Search for package or bug name: Reporting problems