CVE-2023-34411

Published: Jun 5, 2023

Modified: Jan 8, 2025

PUBLISHED

Description

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/netvl/xml-rs/pull/226

https://github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f

https://github.com/netvl/xml-rs/compare/0.8.13...0.8.14

https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-34411

Description

Affected Products

References