CVE-2021-28040

Name of the Vulnerable Software and Affected Versions: OSSEC version 3.6.0

Description: An issue was discovered in the os xml.c component, where an uncontrolled recursion vulnerability occurs when a large number of opening and closing XML tags is used. This happens because recursion is used in the ReadElem function without restriction, allowing an attacker to trigger a segmentation fault once unmapped memory is reached.

Recommendations: For OSSEC version 3.6.0, consider restricting the use of the ReadElem function in os xml.c to prevent uncontrolled recursion until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.