{"id":"CVE-2021-28040","details":"An issue was discovered in OSSEC 3.6.0. An uncontrolled recursion vulnerability in os_xml.c occurs when a large number of opening and closing XML tags is used. Because recursion is used in _ReadElem without restriction, an attacker can trigger a segmentation fault once unmapped memory is reached.","modified":"2026-04-10T04:31:38.362451Z","published":"2021-03-05T18:15:13.270Z","references":[{"type":"REPORT","url":"https://github.com/ossec/ossec-hids/issues/1953"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ossec/ossec-hids","events":[{"introduced":"0"},{"last_affected":"9772223c25a3eda512d35026737d7058297039a4"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.6.0"}]}}],"versions":["2.7-beta2","2.9.0-beta01","2.9.0-beta02","2.9.0-beta03","3.0.0","3.0beta01","3.0beta02","3.0beta03","3.0beta2","3.1.0","3.2.0","3.3.0","3.4.0","3.5.0","3.6.0","OSSEC_HIDS_0_4","snapshot/20150112","v1_1_0","v2.5.0-beta1","v2.7","v2.7-beta1","v2.7.1","v2.8.0","v2.9.0beta05","v_09","v_0_8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-28040.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}