CVE-2021-42860

HIGH

Mini-xml - Resource Leak

Title source: rule

Description

A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/michaelrsweet/mxml/issues/286

Scores

CVSS v3 7.5

EPSS 0.0029

EPSS Percentile 52.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-772

Status published

Products (1)

mini-xml_project/mini-xml 3.2

Published May 26, 2022

Tracked Since Feb 18, 2026