Name of the Vulnerable Software and Affected Versions 1С:Предприятие (affected versions not specified)

Description The issue concerns a vulnerability in the Fast Infoset decoder of the xml2.dll library, which is used for working with XML documents. An attacker can manipulate input data to put the Fast Infoset decoder into a state where it attempts to read a sequence of octets from the input stream, potentially leading to an infinite loop if the specified length exceeds the actual data size. This is due to a lack of proper handling in the sub 20C02870 procedure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.