| Summary: | [CVE 21] tinyxml2 CVE | ||
|---|---|---|---|
| Product: | [ROSA-based products] ROSA Fresh | Reporter: | Vladimir Potapov <v.potapov> |
| Component: | Packages from Main | Assignee: | ROSA Linux Bugs <bugs> |
| Status: | RESOLVED NOTABUG | QA Contact: | ROSA Linux Bugs <bugs> |
| Severity: | blocker | ||
| Priority: | Highest | CC: | i.gaptrakhmanov |
| Version: | All | Flags: | v.potapov:
secteam_verified?
|
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | CVE-2018-11210 | ||
| Whiteboard: | |||
| Platform: | --- | ROSA Vulnerability identifier: | |
| RPM Package: | ISO-related: | ||
| Bad POT generating: | Upstream: | ||
|
Description
Vladimir Potapov
2024-01-12 12:34:55 MSK
На cve.mitre.org CVE-2018-11210 помечен как спорный: ** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2. Статус на redhat: CLOSED NOTABUG |