CNNVD-202509-4108 Information
CNNVD ID
CNNVD-202509-4108
Related CVE
- CNNVD Published: 2025-09-26
Description (Chinese)
BehaviorTree.CPP是BehaviorTree开源的一个C++中的行为树的库。 BehaviorTree.CPP 4.7.0及之前版本存在代码问题漏洞,该漏洞源于XML Parser组件中XMLParser::PImpl::loadDocImpl函数存在空指针取消引用,可能导致本地攻击。
Description (English)
BehaviorTree.CPP is the reservoir of a C++ behavioural tree in BehaviorTree ’ s open source. There is a code gap in BehaviorTree.CPP4.7.0 and earlier versions, which stems from the fact that the XMLParser::PImpl:loadDocIpl function in the XML Parser component has an empty pointer unquote, which may lead to local attacks.
Hazard Level
Critical
Vulnerability Type
代码问题
Affected Vendor
BehaviorTree
Published
2025-09-26
Last Modified
2026-02-24
References
https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1003 https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1004 https://github.com/user-attachments/files/22245915/poc.zip https://vuldb.com/?ctiid.325956 https://vuldb.com/?id.325956 https://vuldb.com/?submit.654075 https://access.redhat.com/security/cve/cve-2025-11013
Share on: