PT-2023-8026 · Tinyxml+6 · Tinyxml+6

Published

2023-12-06

Updated

2025-03-13

CVE-2023-34194

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions TinyXML versions through 2.6.2

Description The issue is related to the TiXmlDeclaration::Parse() function in the tinyxmlparser.cpp component of the TinyXML XML parser. It involves the use of an assert() operator when handling a null character (0) located after whitespace in a crafted XML document. This can lead to an application exit. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For TinyXML versions through 2.6.2, consider updating to a version that fixes this issue, as the current version may exit the application when encountering a crafted XML document with a 0 character after whitespace. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALT-PU-2025-3909

ALT-PU-2025-4081

BDU:2024-00003

CVE-2023-34194

DLA-3701-1

MGASA-2024-0014

OESA-2024-2583

OPENSUSE-SU-2023_4958-1

OPENSUSE-SU-2024:13524-1

ROSA-SA-2024-2546

SUSE-SU-2023:4958-1

USN-6612-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Red Os

Suse

Tinyxml

Ubuntu

PT-2023-8026 · Tinyxml+6 · Tinyxml+6

CVE-2023-34194

Weakness Enumeration

Related Identifiers

Affected Products

References · 45