First published: Tue Dec 31 2019(Updated: )
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ezxml Project Ezxml | >=0.8.3<=0.8.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-20198.
The title of the vulnerability is 'An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.'
The severity of CVE-2019-20198 is medium with a score of 6.5.
The vulnerability affects ezXML versions 0.8.3 through 0.8.6.
The vulnerability can be exploited by crafting a malicious XML file that triggers a stack consumption issue in the ezxml_ent_ok() function.