Vulnerability Description
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tinyxml2 Project | Tinyxml2 | 6.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/leethomason/tinyxml2/issues/675 (Third Party Advisory)
- https://github.com/leethomason/tinyxml2/issues/675#issuecomment-439933437
- https://github.com/leethomason/tinyxml2/issues/675#issuecomment-462194018
FAQ
What is CVE-2018-11210?
CVE-2018-11210 is a vulnerability with a CVSS score of 9.8 (CRITICAL). TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use o...
How severe is CVE-2018-11210?
CVE-2018-11210 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-11210?
Check the references section above for vendor advisories and patch information. Affected products include: Tinyxml2 Project Tinyxml2.