CVE-2021-31347
openSUSE Security Advisory - openSUSE-SU-2021:3804-1
Severity Score
6.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
Se detectó un problema en la biblioteca libezxml.a en ezXML versión 0.8.6. La función ezxml_parse_str() lleva a cabo un manejo de la memoria incorrecto mientras analiza archivos XML diseñados (escribiendo fuera de una región de memoria creada por mmap)
An update that fixes 16 vulnerabilities is now available. This update for netcdf fixes the following issues.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-04-15 CVE Reserved
- 2021-04-16 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-04-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-91: XML Injection (aka Blind XPath Injection)
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://lists.debian.org/debian-lts-announce/2021/07/msg00005.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://sourceforge.net/p/ezxml/bugs/27 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ezxml Project Search vendor "Ezxml Project" | Ezxml Search vendor "Ezxml Project" for product "Ezxml" | 0.8.6 Search vendor "Ezxml Project" for product "Ezxml" and version "0.8.6" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||