CVE-2021-31598

Name of the Vulnerable Software and Affected Versions ezXML version 0.8.6

Description The issue is related to the ezxml decode() function in the ezXML library, which performs incorrect memory handling while parsing crafted XML files. This leads to a heap-based buffer overflow, allowing a remote attacker to cause a denial of service using a specially crafted XML file. The ezxml decode() function is vulnerable to buffer overflow attacks due to its incorrect handling of XML files.

Recommendations For ezXML version 0.8.6, consider disabling the ezxml decode() function until a patch is available to prevent potential exploitation. Restrict access to the ezxml decode() function to minimize the risk of denial of service attacks. Avoid using the ezxml decode() function with untrusted XML files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.