CVE-2021-4249

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-4249

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-4249.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-4249

Aliases

HSEC-2023-0004
VDB-216204

Related

UBUNTU-CVE-2021-4249

Published

2022-12-18T15:15:10Z

Modified

2024-09-18T03:16:38.475463Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204.

References

Affected packages

Debian:11 / haskell-xml-conduit

Package

Name: haskell-xml-conduit
Purl: pkg:deb/debian/haskell-xml-conduit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9.0.0-1

1.9.1.1-1

1.9.1.1-2

1.9.1.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / haskell-xml-conduit

Package

Name: haskell-xml-conduit
Purl: pkg:deb/debian/haskell-xml-conduit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.1.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / haskell-xml-conduit

Package

Name: haskell-xml-conduit
Purl: pkg:deb/debian/haskell-xml-conduit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.9.1.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/snoyberg/xml

Affected ranges

Type: GIT
Repo: https://github.com/snoyberg/xml
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

4be1021791dcdee8b164d239433a2043dc0939ea

Affected versions

1.*

1.6.0

dtd/0.*

dtd/0.5.0

dtd/0.5.1

dtd/0.5.1.1

dtd/0.6.0

dtd/0.6.1

dtd/0.6.1.1

dtd/0.6.1.2

dtd/1.*

dtd/1.1.0

dtd/1.1.0.1

dtd/1.1.0.2

html-conduit-1.*

html-conduit-1.3.0

html-conduit-1.3.1

html-conduit-1.3.2

html-conduit-1.3.2.1

html-conduit/0.*

html-conduit/0.0.1

html-conduit/0.1.0

html-conduit/0.1.0.1

html-conduit/0.1.0.2

html-conduit/0.1.0.3

html-conduit/0.1.0.4

html-conduit/1.*

html-conduit/1.1.0

html-conduit/1.1.0.1

html-conduit/1.1.0.2

html-conduit/1.1.0.3

html-conduit/1.1.0.4

html-conduit/1.1.0.5

html-conduit/1.1.0.6

html-conduit/1.1.1

html-conduit/1.1.1.1

html-conduit/1.1.1.2

html-conduit/1.2.0

html-conduit/1.2.1

html-conduit/1.2.1.1

html-conduit/1.2.1.2

uri-conduit/0.*

uri-conduit/0.4.0

uri-conduit/0.4.0.1

uri-conduit/0.5.0

uri-conduit/0.5.0.1

uri-conduit/0.5.0.2

uri-conduit/1.*

uri-conduit/1.1.0

uri-conduit/1.1.1

uri-conduit/1.1.1.1

uri-conduit/1.1.1.2

xml-catalog/0.*

xml-catalog/0.7.0

xml-catalog/0.7.0.1

xml-catalog/0.8.0

xml-catalog/1.*

xml-catalog/1.1.0

xml-catalog/1.1.0.1

xml-catalog/1.1.0.2

xml-conduit-1.*

xml-conduit-1.8.0

xml-conduit/0.*

xml-conduit/0.5.4

xml-conduit/0.6.0

xml-conduit/0.7.0

xml-conduit/0.7.0.1

xml-conduit/0.7.0.2

xml-conduit/0.7.0.3

xml-conduit/1.*

xml-conduit/1.0.0

xml-conduit/1.0.1

xml-conduit/1.0.2.1

xml-conduit/1.0.3

xml-conduit/1.0.3.1

xml-conduit/1.0.3.2

xml-conduit/1.0.3.3

xml-conduit/1.1.0

xml-conduit/1.1.0.1

xml-conduit/1.1.0.2

xml-conduit/1.1.0.3

xml-conduit/1.1.0.4

xml-conduit/1.1.0.5

xml-conduit/1.1.0.6

xml-conduit/1.1.0.7

xml-conduit/1.1.0.8

xml-conduit/1.1.0.9

xml-conduit/1.2.0

xml-conduit/1.2.0.1

xml-conduit/1.2.0.2

xml-conduit/1.2.0.3

xml-conduit/1.2.1

xml-conduit/1.2.1.1

xml-conduit/1.2.2

xml-conduit/1.2.3

xml-conduit/1.2.3.1

xml-conduit/1.2.3.2

xml-conduit/1.2.3.3

xml-conduit/1.2.4

xml-conduit/1.2.5

xml-conduit/1.2.5.1

xml-conduit/1.2.6

xml-conduit/1.3.0

xml-conduit/1.3.1

xml-conduit/1.3.3

xml-conduit/1.3.3.1

xml-conduit/1.3.4

xml-conduit/1.3.4.1

xml-conduit/1.3.4.2

xml-conduit/1.3.5

xml-conduit/1.4.0

xml-conduit/1.4.0.1

xml-conduit/1.4.0.2

xml-conduit/1.4.0.3

xml-conduit/1.4.0.4

xml-conduit/1.5.0

xml-conduit/1.5.1

xml-conduit/1.6.0

xml-conduit/1.7.0

xml-conduit/1.7.0.1

xml-conduit/1.7.1.0

xml-conduit/1.7.1.1

xml-conduit/1.8.0.1

xml-conduit/1.9.0

xml-enumerator/0.*

xml-enumerator/0.0.0

xml-enumerator/0.0.1

xml-enumerator/0.0.1.1

xml-enumerator/0.0.1.2

xml-enumerator/0.1.0

xml-enumerator/0.1.0.1

xml-enumerator/0.1.0.2

xml-enumerator/0.1.1

xml-enumerator/0.1.3

xml-enumerator/0.2.0

xml-enumerator/0.2.0.1

xml-enumerator/0.2.0.2

xml-enumerator/0.2.1

xml-enumerator/0.2.1.1

xml-enumerator/0.2.2

xml-enumerator/0.3.0

xml-enumerator/0.3.2

xml-enumerator/0.3.3

xml-enumerator/0.3.4

xml-hamlet-0.*

xml-hamlet-0.5.0

xml-hamlet-0.5.0.1

xml-hamlet/0.*

xml-hamlet/0.3.0

xml-hamlet/0.3.0.1

xml-hamlet/0.4.0

xml-hamlet/0.4.0.1

xml-hamlet/0.4.0.10

xml-hamlet/0.4.0.11

xml-hamlet/0.4.0.12

xml-hamlet/0.4.0.2

xml-hamlet/0.4.0.3

xml-hamlet/0.4.0.4

xml-hamlet/0.4.0.5

xml-hamlet/0.4.0.6

xml-hamlet/0.4.0.7

xml-hamlet/0.4.0.8

xml-hamlet/0.4.0.9

xml-hamlet/0.4.1

xml-hamlet/0.4.1.1

xml2html/0.*

xml2html/0.1.2

xml2html/0.1.2.1

xml2html/0.1.2.3