HIGH🇵🇱 Wersja polska

CVE-2021-28040

CVSS 7.5v3.1pub. 2021-03-05upd. 2024-11-21

An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Ossec

    APP
    Ossec
    3.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2020-8443CRITICAL9.8ten sam produkt

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulner...

CVE-2020-8445CRITICAL9.8ten sam produkt

In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encode terminal...

CVE-2020-8444CRITICAL9.8ten sam produkt

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulner...

CVE-2020-8447CRITICAL9.8ten sam produkt

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulner...

CVE-2020-8442HIGH8.8ten sam produkt

In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulner...