Changes: Document integer overflow CVE-2021-46143

2022-01-05 18:25:41 +01:00 · 2022-01-05 18:25:41 +01:00 · f488b072b7
commit f488b072b7
parent 85ae9a2d7d
1 changed files with 6 additions and 0 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -16,6 +16,10 @@ Release x.x.x xxx xxxxxxxx xx xxxx
                    where XML_ParserCreateNS is used to create the parser
                    (which needs argument "-n" when running xmlwf).
                    Impact is denial of service, or more.
+       #532 #538  CVE-2021-46143 (ZDI-CAN-16157) -- Fix integer overflow
+                    on variable m_groupSize in function doProlog leading
+                    to realloc acting as free.
+                    Impact is denial of service or more.

        Other changes:
            #535  CMake: Make call to file(GENERATE [..]) work for CMake <3.19
@ -27,11 +31,13 @@ Release x.x.x xxx xxxxxxxx xx xxxx
            #536  CI: Check for realistic minimum CMake version

        Special thanks to:
+            An anonymous whitehat
            Christopher Degawa
            J. Peter Mugaas
            Tyson Smith
                 and
            GCC Farm Project
+            Trend Micro Zero Day Initiative

 Release 2.4.2 Sun December 19 2021
        Other changes: