diff options
| author | Sebastian Pipping <sebastian@pipping.org> | 2022-01-05 18:25:41 +0100 |
|---|---|---|
| committer | Sebastian Pipping <sebastian@pipping.org> | 2022-01-07 23:18:30 +0100 |
| commit | e857fe0b0b06dfc41fbf7009886bffa3f27ae416 (patch) | |
| tree | 86342743cb5e6256de946c5b0ae158fb8ce7cc34 | |
| parent | bd6511578b4cb5205d4354fa98e64328f2886c85 (diff) | |
| download | libexpat-git-issue-532-integer-overflow.tar.gz | |
Changes: Document integer overflow CVE-2021-46143issue-532-integer-overflow
| -rw-r--r-- | expat/Changes | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/expat/Changes b/expat/Changes index bd620a7d..e9474f40 100644 --- a/expat/Changes +++ b/expat/Changes @@ -16,6 +16,10 @@ Release x.x.x xxx xxxxxxxx xx xxxx where XML_ParserCreateNS is used to create the parser (which needs argument "-n" when running xmlwf). Impact is denial of service, or more. + #532 #538 CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow + on variable m_groupSize in function doProlog leading + to realloc acting as free. + Impact is denial of service or more. Other changes: #535 CMake: Make call to file(GENERATE [..]) work for CMake <3.19 @@ -25,9 +29,11 @@ Release x.x.x xxx xxxxxxxx xx xxxx #536 CI: Check for realistic minimum CMake version Special thanks to: + An anonymous whitehat Tyson Smith and GCC Farm Project + Trend Micro Zero Day Initiative Release 2.4.2 Sun December 19 2021 Other changes: |