High severity7.5NVD Advisory· Published Dec 13, 2023· Updated Jun 17, 2026
CVE-2023-34194
CVE-2023-34194
Description
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- TinyXML/tinyxmlparserdescription
- osv-coords3 versionspkg:rpm/opensuse/tinyxml&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/tinyxml&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/tinyxml&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5
< 2.6.2-150000.3.6.1+ 2 more
- (no CPE)range: < 2.6.2-150000.3.6.1
- (no CPE)range: < 2.6.2-150000.3.6.1
- (no CPE)range: < 2.6.2-150000.3.6.1
Patches
Vulnerability mechanics
References
7- sourceforge.net/p/tinyxml/git/ci/master/tree/tinyxmlparser.cppnvdPatch
- www.forescout.com/resources/sierra21-vulnerabilitiesnvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2023/12/msg00024.htmlnvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4QCR5PIOBGDIDS6SYRESTMDJSEDFSCOE/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HOMBSHRIW5Q34SQSXYURYAOYDZD2NQF6/nvd
News mentions
0No linked articles in our index yet.