// For flags

CVE-2023-34194

Ubuntu Security Notice USN-6612-1

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

StringEqual en TiXmlDeclaration::Parse en tinyxmlparser.cpp en TinyXML hasta 2.6.2 tiene una aserción accesible (y una salida de la aplicación) a través de un documento XML manipulado con un '\0' ubicado después del espacio en blanco.

It was discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted XML file, a remote attacker could possibly use this issue to cause a denial of service.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-05-30 CVE Reserved
  • 2023-12-13 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-12-04 First Exploit
  • 2025-04-15 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-617: Reachable Assertion
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Tinyxml Project
Search vendor "Tinyxml Project"
 Tinyxml
Search vendor "Tinyxml Project" for product "Tinyxml"
 <= 2.6.2
Search vendor "Tinyxml Project" for product "Tinyxml" and version " <= 2.6.2"
-
Affected