{"schema_version":"1.7.2","id":"OESA-2022-1521","modified":"2022-02-11T11:03:31Z","published":"2022-02-11T11:03:31Z","upstream":["CVE-2021-42260"],"summary":"tinyxml security update","details":"TinyXML parses an XML document, and builds from that a Document Object Model (DOM) that can be read, modified, and saved. XML is a very structured and convenient format. All those random file formats created to store application data can all be replaced with XML. One parser for everything.\r\n\r\nSecurity Fix(es):\r\n\r\nTinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service. (CVE-2021-42260)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"tinyxml","purl":"pkg:rpm/openEuler/tinyxml\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2-22.oe1"}]}],"ecosystem_specific":{"aarch64":["tinyxml-debuginfo-2.6.2-22.oe1.aarch64.rpm","tinyxml-debugsource-2.6.2-22.oe1.aarch64.rpm","tinyxml-devel-2.6.2-22.oe1.aarch64.rpm","tinyxml-2.6.2-22.oe1.aarch64.rpm"],"src":["tinyxml-2.6.2-22.oe1.src.rpm"],"x86_64":["tinyxml-debugsource-2.6.2-22.oe1.x86_64.rpm","tinyxml-debuginfo-2.6.2-22.oe1.x86_64.rpm","tinyxml-devel-2.6.2-22.oe1.x86_64.rpm","tinyxml-2.6.2-22.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"tinyxml","purl":"pkg:rpm/openEuler/tinyxml\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2-22.oe1"}]}],"ecosystem_specific":{"aarch64":["tinyxml-devel-2.6.2-22.oe1.aarch64.rpm","tinyxml-2.6.2-22.oe1.aarch64.rpm","tinyxml-debugsource-2.6.2-22.oe1.aarch64.rpm","tinyxml-debuginfo-2.6.2-22.oe1.aarch64.rpm"],"src":["tinyxml-2.6.2-22.oe1.src.rpm"],"x86_64":["tinyxml-debugsource-2.6.2-22.oe1.x86_64.rpm","tinyxml-devel-2.6.2-22.oe1.x86_64.rpm","tinyxml-debuginfo-2.6.2-22.oe1.x86_64.rpm","tinyxml-2.6.2-22.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"tinyxml","purl":"pkg:rpm/openEuler/tinyxml\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2-22.oe1"}]}],"ecosystem_specific":{"aarch64":["tinyxml-devel-2.6.2-22.oe1.aarch64.rpm","tinyxml-debuginfo-2.6.2-22.oe1.aarch64.rpm","tinyxml-debugsource-2.6.2-22.oe1.aarch64.rpm","tinyxml-2.6.2-22.oe1.aarch64.rpm"],"src":["tinyxml-2.6.2-22.oe1.src.rpm"],"x86_64":["tinyxml-debugsource-2.6.2-22.oe1.x86_64.rpm","tinyxml-debuginfo-2.6.2-22.oe1.x86_64.rpm","tinyxml-devel-2.6.2-22.oe1.x86_64.rpm","tinyxml-2.6.2-22.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1521"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42260"}],"database_specific":{"severity":"High"}}