rpm package
opensuse/netcdf_4_7_3-gnu-hpc&distro=openSUSE Leap 15.3
pkg:rpm/opensuse/netcdf_4_7_3-gnu-hpc&distro=openSUSE%20Leap%2015.3
Vulnerabilities (16)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-31598 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Apr 24, 2021 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. | ||
| CVE-2021-31348 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Apr 16, 2021 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). | ||
| CVE-2021-31347 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Apr 16, 2021 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). | ||
| CVE-2021-31229 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Apr 15, 2021 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. | ||
| CVE-2021-30485 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Apr 11, 2021 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. | ||
| CVE-2021-26222 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Feb 8, 2021 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | ||
| CVE-2021-26221 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Feb 8, 2021 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | ||
| CVE-2021-26220 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Feb 8, 2021 | The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | ||
| CVE-2019-20198 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 31, 2019 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | ||
| CVE-2019-20199 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 31, 2019 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. | ||
| CVE-2019-20200 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 31, 2019 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. | ||
| CVE-2019-20201 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 31, 2019 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. | ||
| CVE-2019-20202 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 31, 2019 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault. | ||
| CVE-2019-20005 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 26, 2019 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the process | ||
| CVE-2019-20006 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 26, 2019 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault. | ||
| CVE-2019-20007 | — | < 4.7.3-3.7.2 | 4.7.3-3.7.2 | Dec 26, 2019 | An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whet |
- CVE-2021-31598Apr 24, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.
- CVE-2021-31348Apr 16, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
- CVE-2021-31347Apr 16, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).
- CVE-2021-31229Apr 15, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.
- CVE-2021-30485Apr 11, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
- CVE-2021-26222Feb 8, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- CVE-2021-26221Feb 8, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- CVE-2021-26220Feb 8, 2021affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
- CVE-2019-20198Dec 31, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
- CVE-2019-20199Dec 31, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
- CVE-2019-20200Dec 31, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
- CVE-2019-20201Dec 31, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
- CVE-2019-20202Dec 31, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
- CVE-2019-20005Dec 26, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the process
- CVE-2019-20006Dec 26, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
- CVE-2019-20007Dec 26, 2019affected < 4.7.3-3.7.2fixed 4.7.3-3.7.2
An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whet