Bug 1202408 (CVE-2021-33235)

Summary: VUL-0: CVE-2021-33235: htmldoc: Buffer overflow vulnerability in write_node in htmldoc through 1.9.11
Product: [openSUSE] openSUSE Distribution Reporter: Hu <cathy.hu>
Component: SecurityAssignee: Martin Pluskal <mpluskal>
Status: NEW --- QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P3 - Medium    
Version: Leap 15.4   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/339894/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Hu 2022-08-16 06:30:12 UTC
CVE-2021-33235

Buffer overflow vulnerability in write_node in htmldoc through 1.9.11 allows
attackers to cause a denial of service via htmldoc/htmldoc/html.cxx:588.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33235
https://github.com/michaelrsweet/htmldoc/issues/426
Comment 1 Hu 2022-08-16 06:31:07 UTC
Affected:
- openSUSE:Backports:SLE-15-SP3/htmldoc  1.9.1 

Not affected:
- openSUSE:Backports:SLE-15-SP4/htmldoc  1.9.15
- openSUSE:Factory/htmldoc               1.9.16