CVE-2021-28040

Published: Mar 5, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.

Affected (1)

Products: Ossec: Ossec

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ossec Ossec	Version 3.6.0

Related CWEs

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (2)

https://github.com/ossec/ossec-hids/issues/1953

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/ossec/ossec-hids/issues/1953

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.