Vulnerability Details CVE-2021-28040
An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References