HTMLDoc up to 1.9.12 htmldoc/htmldoc/html.cxx e_node heap-based overflow

A vulnerability was found in HTMLDoc up to 1.9.12. It has been classified as critical. This affects the function e_node of the file htmldoc/htmldoc/html.cxx. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.

Field07/19/2022 10:01 AM08/06/2022 11:28 AM08/06/2022 11:35 AM
nameHTMLDocHTMLDocHTMLDoc
version<=1.9.12<=1.9.12<=1.9.12
filehtmldoc/htmldoc/html.cxxhtmldoc/htmldoc/html.cxxhtmldoc/htmldoc/html.cxx
functione_nodee_nodee_node
cwe122 (heap-based overflow)122 (heap-based overflow)122 (heap-based overflow)
risk222
cvss3_vuldb_acLLL
cvss3_vuldb_uiNNN
cvss3_vuldb_sUUU
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aLLL
cvss3_vuldb_rcCCC
identifier426426426
urlhttps://github.com/michaelrsweet/htmldoc/issues/426https://github.com/michaelrsweet/htmldoc/issues/426https://github.com/michaelrsweet/htmldoc/issues/426
cveCVE-2022-34035CVE-2022-34035CVE-2022-34035
cve_assigned1655676000 (06/20/2022)1655676000 (06/20/2022)1655676000 (06/20/2022)
cve_nvd_summaryHTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiPPP
cvss2_vuldb_rcCCC
cvss2_vuldb_avAAA
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss2_vuldb_rlNDNDND
cvss3_vuldb_avAAA
cvss3_vuldb_prLLL
cvss3_vuldb_eXXX
cvss3_vuldb_rlXXX
cvss2_vuldb_basescore5.25.25.2
cvss2_vuldb_tempscore5.25.25.2
cvss3_vuldb_basescore5.55.55.5
cvss3_vuldb_tempscore5.55.55.5
cvss3_meta_basescore5.55.56.5
cvss3_meta_tempscore5.55.56.5
price_0day$0-$5k$0-$5k$0-$5k
patch_urlhttps://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937ehttps://github.com/michaelrsweet/htmldoc/commit/a0014be47d614220db111b360fb6170ef6f3937e
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiN
cvss3_nvd_sU
cvss3_nvd_cN
cvss3_nvd_iN
cvss3_nvd_aH
cvss3_nvd_basescore7.5

Want to stay up to date on a daily basis?

Enable the mail alert feature now!