Activity for rc0r

  • rc0r posted a comment on ticket #26

    Please do not apply the originally proposed patch CVE-2021-31229-OOBW-000.patch as it calls ezxml_err() with a potentially corrupt t parameter leading to another crash (that does not occur without the patch applied). To avoid this newly introduced issue the offending call to ezxml_err() was changed to not include the potentially corrupt t: --- ezxml.c 2006-06-08 04:33:38.000000000 +0200 +++ ezxml-fixed.c 2021-04-15 15:40:38.054755080 +0200 @@ -320,6 +320,7 @@ { char q, *c, *t, *n = NULL, *v, **ent,...

  • rc0r created ticket #28

    Out-of-bounds write in ezxml_decode() leading to heap corruption

  • rc0r created ticket #27

    Out-of-bounds read/write in ezxml_parse_str() in ezxml.c:586/587

  • rc0r created ticket #26

    Out-of-bounds write in ezxml_internal_dtd()

  • rc0r created ticket #25

    Null pointer dereference in ezxml_internal_dtd()