oss-sec mailing list archives
REJECT request filed for CVE-2018-11210 against tinyxml2
From: Florian Weimer <fweimer () redhat com>
Date: Mon, 19 Nov 2018 17:02:42 +0100
I filed a REJECT request for MITRE for this CVE identifier, with this rationale:

This is not a vulnerability. The fuzzer did not check that the precondition is satisfied. If XMLDocument::Parse is called in the one-argument-form (or with a (size_t)-1 argument), then it uses strlen on the input string, which must be null-terminated. This is clearly spelled out in the API documentation.

<https://github.com/leethomason/tinyxml2/blob/8f4a9a8cc2a93709b97d0cf51d33ddd1ec33277d/tinyxml2.h#L1677>

This is just a courtesy notice in case you want to update your records before MITRE processes the rejection request (or rejects it altogether).

Thanks,
Florian
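The precondition discussed in the message, as an added example that is not part of the original post and is not tinyxml2 code: a fuzz harness can satisfy a strlen-based API either by passing the buffer length explicitly or by copying the input into a null-terminated string first. `bytes_parser_reads` is a hypothetical stand-in that only models the length convention described above (a `(size_t)-1` length means "use strlen"); the other function names are likewise assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <string>

// Sentinel meaning "no length given, use strlen", as described in the message.
static const size_t kUseStrlen = static_cast<size_t>(-1);

// Hypothetical stand-in for a Parse(const char*, size_t) style API.
// Returns how many bytes such a parser would read from xml.
// Precondition: if nBytes is the sentinel, xml must be null-terminated.
size_t bytes_parser_reads(const char* xml, size_t nBytes = kUseStrlen) {
    return nBytes == kUseStrlen ? std::strlen(xml) : nBytes;
}

// True if the one-argument form would be legal on the raw buffer, i.e. a
// terminator exists inside the bytes the caller actually owns.
bool one_arg_precondition_holds(const uint8_t* data, size_t size) {
    return size > 0 && std::memchr(data, 0, size) != nullptr;
}

// Harness option 1: pass the exact length; no terminator is required.
size_t fuzz_with_length(const uint8_t* data, size_t size) {
    if (size == kUseStrlen) return 0;  // would be misread as the sentinel
    return bytes_parser_reads(reinterpret_cast<const char*>(data), size);
}

// Harness option 2: copy into std::string so c_str() is null-terminated,
// which makes the one-argument form legal. Parsing stops at the first
// embedded zero byte, so coverage differs from option 1.
size_t fuzz_with_copy(const uint8_t* data, size_t size) {
    std::string owned(reinterpret_cast<const char*>(data), size);
    return bytes_parser_reads(owned.c_str());
}

// libFuzzer-style entry point exercising both legal call shapes. Calling
// bytes_parser_reads(data) directly here would read past the buffer whenever
// one_arg_precondition_holds(data, size) is false: a harness bug, not a
// parser bug.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    fuzz_with_length(data, size);
    fuzz_with_copy(data, size);
    return 0;
}
```

Built with AddressSanitizer, a harness of either shape reports out-of-bounds reads only when the parser itself oversteps the length it was given.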