Search criteria
22 vulnerabilities found for xerces-c\+\+ by apache
CVE-2024-23807 (GCVE-0-2024-23807)
Vulnerability from nvd – Published: 2024-02-28 13:50 – Updated: 2026-01-22 04:55
VLAI?
Title
Apache Xerces C++: Use-after-free on external DTD scan
Summary
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.
Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xerces C++ |
Affected:
3.0.0 , < 3.2.5
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:xerces-c:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xerces-c",
"vendor": "apache",
"versions": [
{
"lessThan": "3.2.5",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T04:55:53.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/xerces-c/pull/54"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Xerces C++",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.2.5",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\n\nUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\n\nThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T13:50:39.904Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/xerces-c/pull/54"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
}
],
"source": {
"defect": [
"XERCESC-2188"
],
"discovery": "UNKNOWN"
},
"title": "Apache Xerces C++: Use-after-free on external DTD scan",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-23807",
"datePublished": "2024-02-28T13:50:39.904Z",
"dateReserved": "2024-01-22T16:40:42.873Z",
"dateUpdated": "2026-01-22T04:55:53.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37536 (GCVE-0-2023-37536)
Vulnerability from nvd – Published: 2023-10-11 06:46 – Updated: 2025-02-13 17:01
VLAI?
Title
HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3
Summary
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
Severity ?
8.2 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | BigFix Platform |
Affected:
9.5 - 9.5.22, 10 - 10.0.9
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcltech:bigfix_platform:10:*:*:*:*:*:*:*",
"cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bigfix_platform",
"vendor": "hcltech",
"versions": [
{
"lessThanOrEqual": "9.5.22",
"status": "affected",
"version": "10",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "9.5",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "37"
},
{
"status": "affected",
"version": "38"
},
{
"status": "affected",
"version": "39"
}
]
},
{
"cpes": [
"cpe:2.3:a:apache:xerces-c\\+\\+:3.2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xerces-c\\+\\+",
"vendor": "apache",
"versions": [
{
"status": "affected",
"version": "3.2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T03:55:41.734161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:05:26.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Platform",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.5 - 9.5.22, 10 - 10.0.9"
}
]
}
],
"datePublic": "2023-09-28T18:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\u003c/span\u003e"
}
],
"value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T14:06:26.448Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37536",
"datePublished": "2023-10-11T06:46:01.750Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2025-02-13T17:01:28.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1311 (GCVE-0-2018-1311)
Vulnerability from nvd – Published: 2019-12-18 00:00 – Updated: 2025-11-04 18:14
VLAI?
Summary
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
Severity ?
No CVSS data available.
CWE
- Denial of Service and Remote Exploit
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xerces-C |
Affected:
3.0.0 to 3.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:14:14.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E"
},
{
"name": "RHSA-2020:0704",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0704"
},
{
"name": "RHSA-2020:0702",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0702"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2498-1] xerces-c security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html"
},
{
"name": "DSA-4814",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4814"
},
{
"name": "[xerces-c-users] 20210528 Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 RE: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 Re: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://marc.info/?l=xerces-c-users\u0026m=157653840106914\u0026w=2"
},
{
"name": "FEDORA-2023-52ba628e03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"name": "FEDORA-2023-817ecc703f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3704-1] xerces-c security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
},
{
"name": "[oss-security] 20240216 CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Xerces-C",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service and Remote Exploit",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T17:05:54.808Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E"
},
{
"name": "RHSA-2020:0704",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0704"
},
{
"name": "RHSA-2020:0702",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0702"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2498-1] xerces-c security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html"
},
{
"name": "DSA-4814",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4814"
},
{
"name": "[xerces-c-users] 20210528 Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 RE: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 Re: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://marc.info/?l=xerces-c-users\u0026m=157653840106914\u0026w=2"
},
{
"name": "FEDORA-2023-52ba628e03",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"name": "FEDORA-2023-817ecc703f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3704-1] xerces-c security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
},
{
"name": "[oss-security] 20240216 CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1311",
"datePublished": "2019-12-18T00:00:00.000Z",
"dateReserved": "2017-12-07T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:14:14.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-12627 (GCVE-0-2017-12627)
Vulnerability from nvd – Published: 2018-03-01 14:00 – Updated: 2024-09-17 01:15
VLAI?
Summary
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xerces C++ |
Affected:
< 3.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
},
{
"name": "103219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103219"
},
{
"name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2018/q1/203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Xerces C++",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.1"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:52",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
},
{
"name": "103219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103219"
},
{
"name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2018/q1/203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2017-12627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Xerces C++",
"version": {
"version_data": [
{
"version_value": "\u003c 3.2.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
},
{
"name": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
},
{
"name": "103219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103219"
},
{
"name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q1/203"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-12627",
"datePublished": "2018-03-01T14:00:00Z",
"dateReserved": "2017-08-07T00:00:00",
"dateUpdated": "2024-09-17T01:15:50.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0880 (GCVE-0-2012-0880)
Vulnerability from nvd – Published: 2017-08-08 21:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=787103"
},
{
"name": "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/96"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-09T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=787103"
},
{
"name": "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/96"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0880",
"datePublished": "2017-08-08T21:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4463 (GCVE-0-2016-4463)
Vulnerability from nvd – Published: 2016-07-08 19:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510\u0026version=12336069"
},
{
"name": "RHSA-2018:3335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3335"
},
{
"name": "DSA-3610",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3610"
},
{
"name": "1036211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036211"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "RHSA-2018:3506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3506"
},
{
"name": "RHSA-2018:3514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3514"
},
{
"name": "91501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
},
{
"name": "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:40",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510\u0026version=12336069"
},
{
"name": "RHSA-2018:3335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3335"
},
{
"name": "DSA-3610",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3610"
},
{
"name": "1036211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036211"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "RHSA-2018:3506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3506"
},
{
"name": "RHSA-2018:3514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3514"
},
{
"name": "91501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
},
{
"name": "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4463",
"datePublished": "2016-07-08T19:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2099 (GCVE-0-2016-2099)
Vulnerability from nvd – Published: 2016-05-13 14:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3579",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2066"
},
{
"name": "90502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90502"
},
{
"name": "GLSA-201612-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-46"
},
{
"name": "openSUSE-SU-2016:1744",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/7"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3579",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2066"
},
{
"name": "90502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90502"
},
{
"name": "GLSA-201612-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-46"
},
{
"name": "openSUSE-SU-2016:1744",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/7"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3579",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3579"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://issues.apache.org/jira/browse/XERCESC-2066",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/XERCESC-2066"
},
{
"name": "90502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90502"
},
{
"name": "GLSA-201612-46",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-46"
},
{
"name": "openSUSE-SU-2016:1744",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html"
},
{
"name": "openSUSE-SU-2016:2232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/7"
},
{
"name": "openSUSE-SU-2016:1808",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2099",
"datePublished": "2016-05-13T14:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0252 (GCVE-0-2015-0252)
Vulnerability from nvd – Published: 2015-03-24 17:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3199"
},
{
"name": "73252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73252"
},
{
"name": "FEDORA-2015-4226",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name": "FEDORA-2015-4228",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name": "FEDORA-2015-4321",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name": "openSUSE-SU-2016:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name": "FEDORA-2015-4251",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name": "RHSA-2015:1193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name": "FEDORA-2015-4272",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name": "FEDORA-2015-4285",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name": "1032254",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032254"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "36906",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/36906/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://shibboleth.net/community/advisories/secadv_20150319.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3199"
},
{
"name": "73252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73252"
},
{
"name": "FEDORA-2015-4226",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name": "FEDORA-2015-4228",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name": "FEDORA-2015-4321",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name": "openSUSE-SU-2016:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name": "FEDORA-2015-4251",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name": "RHSA-2015:1193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name": "FEDORA-2015-4272",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name": "FEDORA-2015-4285",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name": "1032254",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032254"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "36906",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/36906/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://shibboleth.net/community/advisories/secadv_20150319.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3199"
},
{
"name": "73252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73252"
},
{
"name": "FEDORA-2015-4226",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name": "FEDORA-2015-4228",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name": "FEDORA-2015-4321",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name": "openSUSE-SU-2016:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name": "FEDORA-2015-4251",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name": "RHSA-2015:1193",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name": "FEDORA-2015-4272",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name": "FEDORA-2015-4285",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"name": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"name": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name": "1032254",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032254"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "36906",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36906/"
},
{
"name": "https://shibboleth.net/community/advisories/secadv_20150319.txt",
"refsource": "CONFIRM",
"url": "https://shibboleth.net/community/advisories/secadv_20150319.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0252",
"datePublished": "2015-03-24T17:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1885 (GCVE-0-2009-1885)
Vulnerability from nvd – Published: 2009-08-11 18:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35986"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "FEDORA-2009-8345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html"
},
{
"name": "36201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36201"
},
{
"name": "ADV-2009-2196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488\u0026r2=781487\u0026pathrev=781488\u0026view=patch"
},
{
"name": "FEDORA-2009-8305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html"
},
{
"name": "MDVSA-2009:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223"
},
{
"name": "xerces-c-dtd-dos(52321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321"
},
{
"name": "FEDORA-2009-8350",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515515"
},
{
"name": "FEDORA-2009-8332",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in \"simply nested DTD structures,\" as demonstrated by the Codenomicon XML fuzzing framework."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "35986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35986"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "FEDORA-2009-8345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html"
},
{
"name": "36201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36201"
},
{
"name": "ADV-2009-2196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488\u0026r2=781487\u0026pathrev=781488\u0026view=patch"
},
{
"name": "FEDORA-2009-8305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html"
},
{
"name": "MDVSA-2009:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223"
},
{
"name": "xerces-c-dtd-dos(52321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321"
},
{
"name": "FEDORA-2009-8350",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515515"
},
{
"name": "FEDORA-2009-8332",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1885",
"datePublished": "2009-08-11T18:00:00",
"dateReserved": "2009-06-02T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4482 (GCVE-0-2008-4482)
Vulnerability from nvd – Published: 2008-10-08 01:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xerces-maxoccurs-dos(45596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
},
{
"name": "31533",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/releases.html"
},
{
"name": "32108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://issues.apache.org/jira/browse/XERCESC-1051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xerces-maxoccurs-dos(45596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
},
{
"name": "31533",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/releases.html"
},
{
"name": "32108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://issues.apache.org/jira/browse/XERCESC-1051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xerces-maxoccurs-dos(45596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
},
{
"name": "31533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31533"
},
{
"name": "http://xerces.apache.org/xerces-c/releases.html",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/releases.html"
},
{
"name": "32108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32108"
},
{
"name": "http://issues.apache.org/jira/browse/XERCESC-1051",
"refsource": "MISC",
"url": "http://issues.apache.org/jira/browse/XERCESC-1051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4482",
"datePublished": "2008-10-08T01:00:00",
"dateReserved": "2008-10-07T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1575 (GCVE-0-2004-1575)
Vulnerability from nvd – Published: 2005-02-20 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109674050017645\u0026w=2"
},
{
"name": "12715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12715"
},
{
"name": "xercescplusplus-xml-parser-dos(17575)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
},
{
"name": "11312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109674050017645\u0026w=2"
},
{
"name": "12715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12715"
},
{
"name": "xercescplusplus-xml-parser-dos(17575)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
},
{
"name": "11312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109674050017645\u0026w=2"
},
{
"name": "12715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12715"
},
{
"name": "xercescplusplus-xml-parser-dos(17575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
},
{
"name": "11312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1575",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-20T00:00:00",
"dateUpdated": "2024-08-08T00:53:24.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23807 (GCVE-0-2024-23807)
Vulnerability from cvelistv5 – Published: 2024-02-28 13:50 – Updated: 2026-01-22 04:55
VLAI?
Title
Apache Xerces C++: Use-after-free on external DTD scan
Summary
The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.
Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.
Severity ?
No CVSS data available.
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xerces C++ |
Affected:
3.0.0 , < 3.2.5
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:apache:xerces-c:3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xerces-c",
"vendor": "apache",
"versions": [
{
"lessThan": "3.2.5",
"status": "affected",
"version": "3.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23807",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-21T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T04:55:53.687Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.245Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/apache/xerces-c/pull/54"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Xerces C++",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.2.5",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eThe Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\n\nUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\n\nThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\n\n"
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-28T13:50:39.904Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/apache/xerces-c/pull/54"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
}
],
"source": {
"defect": [
"XERCESC-2188"
],
"discovery": "UNKNOWN"
},
"title": "Apache Xerces C++: Use-after-free on external DTD scan",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-23807",
"datePublished": "2024-02-28T13:50:39.904Z",
"dateReserved": "2024-01-22T16:40:42.873Z",
"dateUpdated": "2026-01-22T04:55:53.687Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-37536 (GCVE-0-2023-37536)
Vulnerability from cvelistv5 – Published: 2023-10-11 06:46 – Updated: 2025-02-13 17:01
VLAI?
Title
HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3
Summary
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
Severity ?
8.2 (High)
CWE
- CWE-680 - Integer Overflow to Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| HCL Software | BigFix Platform |
Affected:
9.5 - 9.5.22, 10 - 10.0.9
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:hcltech:bigfix_platform:10:*:*:*:*:*:*:*",
"cpe:2.3:a:hcltech:bigfix_platform:9.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "bigfix_platform",
"vendor": "hcltech",
"versions": [
{
"lessThanOrEqual": "9.5.22",
"status": "affected",
"version": "10",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.9",
"status": "affected",
"version": "9.5",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fedora",
"vendor": "fedoraproject",
"versions": [
{
"status": "affected",
"version": "37"
},
{
"status": "affected",
"version": "38"
},
{
"status": "affected",
"version": "39"
}
]
},
{
"cpes": [
"cpe:2.3:a:apache:xerces-c\\+\\+:3.2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xerces-c\\+\\+",
"vendor": "apache",
"versions": [
{
"status": "affected",
"version": "3.2.2"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37536",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-19T03:55:41.734161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-19T13:05:26.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:16:30.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BigFix Platform",
"vendor": "HCL Software",
"versions": [
{
"status": "affected",
"version": "9.5 - 9.5.22, 10 - 10.0.9"
}
]
}
],
"datePublic": "2023-09-28T18:26:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.\u003c/span\u003e"
}
],
"value": "An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-31T14:06:26.448Z",
"orgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"shortName": "HCL"
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0107791"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "1e47fe04-f25f-42fa-b674-36de2c5e3cfc",
"assignerShortName": "HCL",
"cveId": "CVE-2023-37536",
"datePublished": "2023-10-11T06:46:01.750Z",
"dateReserved": "2023-07-06T16:29:45.713Z",
"dateUpdated": "2025-02-13T17:01:28.350Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1311 (GCVE-0-2018-1311)
Vulnerability from cvelistv5 – Published: 2019-12-18 00:00 – Updated: 2025-11-04 18:14
VLAI?
Summary
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
Severity ?
No CVSS data available.
CWE
- Denial of Service and Remote Exploit
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xerces-C |
Affected:
3.0.0 to 3.2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T18:14:14.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E"
},
{
"name": "RHSA-2020:0704",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0704"
},
{
"name": "RHSA-2020:0702",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0702"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2498-1] xerces-c security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html"
},
{
"name": "DSA-4814",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4814"
},
{
"name": "[xerces-c-users] 20210528 Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 RE: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 Re: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://marc.info/?l=xerces-c-users\u0026m=157653840106914\u0026w=2"
},
{
"name": "FEDORA-2023-52ba628e03",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"name": "FEDORA-2023-817ecc703f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3704-1] xerces-c security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
},
{
"name": "[oss-security] 20240216 CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/1"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Xerces-C",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 3.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service and Remote Exploit",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T17:05:54.808Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E"
},
{
"name": "RHSA-2020:0704",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0704"
},
{
"name": "RHSA-2020:0702",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0702"
},
{
"name": "[debian-lts-announce] 20201217 [SECURITY] [DLA 2498-1] xerces-c security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html"
},
{
"name": "DSA-4814",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4814"
},
{
"name": "[xerces-c-users] 20210528 Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 RE: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E"
},
{
"name": "[xerces-c-users] 20210528 Re: Security vulnerability - CVE-2018-1311",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://marc.info/?l=xerces-c-users\u0026m=157653840106914\u0026w=2"
},
{
"name": "FEDORA-2023-52ba628e03",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"
},
{
"name": "FEDORA-2023-817ecc703f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"
},
{
"name": "[debian-lts-announce] 20231231 [SECURITY] [DLA 3704-1] xerces-c security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"
},
{
"name": "[oss-security] 20240216 CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/1"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2018-1311",
"datePublished": "2019-12-18T00:00:00.000Z",
"dateReserved": "2017-12-07T00:00:00.000Z",
"dateUpdated": "2025-11-04T18:14:14.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2017-12627 (GCVE-0-2017-12627)
Vulnerability from cvelistv5 – Published: 2018-03-01 14:00 – Updated: 2024-09-17 01:15
VLAI?
Summary
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
Severity ?
No CVSS data available.
CWE
- Denial of Service
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Xerces C++ |
Affected:
< 3.2.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
},
{
"name": "103219",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103219"
},
{
"name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2018/q1/203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Xerces C++",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "\u003c 3.2.1"
}
]
}
],
"datePublic": "2018-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:52",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
},
{
"name": "103219",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103219"
},
{
"name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2018/q1/203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-28T00:00:00",
"ID": "CVE-2017-12627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Xerces C++",
"version": {
"version_data": [
{
"version_value": "\u003c 3.2.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
},
{
"name": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
},
{
"name": "103219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103219"
},
{
"name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2018/q1/203"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2017-12627",
"datePublished": "2018-03-01T14:00:00Z",
"dateReserved": "2017-08-07T00:00:00",
"dateUpdated": "2024-09-17T01:15:50.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0880 (GCVE-0-2012-0880)
Vulnerability from cvelistv5 – Published: 2017-08-08 21:00 – Updated: 2024-08-06 18:38
VLAI?
Summary
Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:15.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=787103"
},
{
"name": "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2014/q3/96"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-09T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=787103"
},
{
"name": "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2014/q3/96"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0880",
"datePublished": "2017-08-08T21:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:15.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4463 (GCVE-0-2016-4463)
Vulnerability from cvelistv5 – Published: 2016-07-08 19:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2069"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510\u0026version=12336069"
},
{
"name": "RHSA-2018:3335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3335"
},
{
"name": "DSA-3610",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2016/dsa-3610"
},
{
"name": "1036211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036211"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "RHSA-2018:3506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3506"
},
{
"name": "RHSA-2018:3514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3514"
},
{
"name": "91501",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/91501"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
},
{
"name": "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-15T21:06:40",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2069"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510\u0026version=12336069"
},
{
"name": "RHSA-2018:3335",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3335"
},
{
"name": "DSA-3610",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2016/dsa-3610"
},
{
"name": "1036211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036211"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "RHSA-2018:3506",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3506"
},
{
"name": "RHSA-2018:3514",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3514"
},
{
"name": "91501",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/91501"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt"
},
{
"name": "20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/538784/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-4463",
"datePublished": "2016-07-08T19:00:00",
"dateReserved": "2016-05-02T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2099 (GCVE-0-2016-2099)
Vulnerability from cvelistv5 – Published: 2016-05-13 14:00 – Updated: 2024-08-05 23:17
VLAI?
Summary
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:17:50.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3579",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2066"
},
{
"name": "90502",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/90502"
},
{
"name": "GLSA-201612-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201612-46"
},
{
"name": "openSUSE-SU-2016:1744",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/7"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-18T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3579",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/XERCESC-2066"
},
{
"name": "90502",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/90502"
},
{
"name": "GLSA-201612-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201612-46"
},
{
"name": "openSUSE-SU-2016:1744",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html"
},
{
"name": "openSUSE-SU-2016:2232",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/7"
},
{
"name": "openSUSE-SU-2016:1808",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3579",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3579"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "https://issues.apache.org/jira/browse/XERCESC-2066",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/XERCESC-2066"
},
{
"name": "90502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/90502"
},
{
"name": "GLSA-201612-46",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-46"
},
{
"name": "openSUSE-SU-2016:1744",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00016.html"
},
{
"name": "openSUSE-SU-2016:2232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-09/msg00013.html"
},
{
"name": "[oss-security] 20160509 CVE-2016-2099: use-after-free in Xerces 3.1.3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/05/09/7"
},
{
"name": "openSUSE-SU-2016:1808",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-07/msg00053.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2099",
"datePublished": "2016-05-13T14:00:00",
"dateReserved": "2016-01-29T00:00:00",
"dateUpdated": "2024-08-05T23:17:50.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-0252 (GCVE-0-2015-0252)
Vulnerability from cvelistv5 – Published: 2015-03-24 17:00 – Updated: 2024-08-06 04:03
VLAI?
Summary
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3199"
},
{
"name": "73252",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/73252"
},
{
"name": "FEDORA-2015-4226",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name": "FEDORA-2015-4228",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name": "FEDORA-2015-4321",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name": "openSUSE-SU-2016:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name": "FEDORA-2015-4251",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name": "RHSA-2015:1193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name": "FEDORA-2015-4272",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name": "FEDORA-2015-4285",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name": "1032254",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032254"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "36906",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/36906/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://shibboleth.net/community/advisories/secadv_20150319.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T00:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-3199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3199"
},
{
"name": "73252",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/73252"
},
{
"name": "FEDORA-2015-4226",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name": "FEDORA-2015-4228",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name": "FEDORA-2015-4321",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name": "openSUSE-SU-2016:0966",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name": "FEDORA-2015-4251",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name": "RHSA-2015:1193",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name": "FEDORA-2015-4272",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name": "FEDORA-2015-4285",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name": "1032254",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032254"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "36906",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/36906/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://shibboleth.net/community/advisories/secadv_20150319.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3199"
},
{
"name": "73252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73252"
},
{
"name": "FEDORA-2015-4226",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name": "FEDORA-2015-4228",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name": "FEDORA-2015-4321",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name": "openSUSE-SU-2016:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name": "FEDORA-2015-4251",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name": "RHSA-2015:1193",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name": "FEDORA-2015-4272",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name": "FEDORA-2015-4285",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"name": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"name": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name": "1032254",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032254"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "36906",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36906/"
},
{
"name": "https://shibboleth.net/community/advisories/secadv_20150319.txt",
"refsource": "CONFIRM",
"url": "https://shibboleth.net/community/advisories/secadv_20150319.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0252",
"datePublished": "2015-03-24T17:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1885 (GCVE-0-2009-1885)
Vulnerability from cvelistv5 – Published: 2009-08-11 18:00 – Updated: 2024-08-07 05:27
VLAI?
Summary
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:54.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35986",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35986"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "FEDORA-2009-8345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html"
},
{
"name": "36201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36201"
},
{
"name": "ADV-2009-2196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/2196"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488\u0026r2=781487\u0026pathrev=781488\u0026view=patch"
},
{
"name": "FEDORA-2009-8305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html"
},
{
"name": "MDVSA-2009:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223"
},
{
"name": "xerces-c-dtd-dos(52321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321"
},
{
"name": "FEDORA-2009-8350",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781488"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515515"
},
{
"name": "FEDORA-2009-8332",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in \"simply nested DTD structures,\" as demonstrated by the Codenomicon XML fuzzing framework."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "35986",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35986"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "FEDORA-2009-8345",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html"
},
{
"name": "36201",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36201"
},
{
"name": "ADV-2009-2196",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/2196"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488\u0026r2=781487\u0026pathrev=781488\u0026view=patch"
},
{
"name": "FEDORA-2009-8305",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html"
},
{
"name": "MDVSA-2009:223",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223"
},
{
"name": "xerces-c-dtd-dos(52321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321"
},
{
"name": "FEDORA-2009-8350",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=rev\u0026revision=781488"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515515"
},
{
"name": "FEDORA-2009-8332",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2009-1885",
"datePublished": "2009-08-11T18:00:00",
"dateReserved": "2009-06-02T00:00:00",
"dateUpdated": "2024-08-07T05:27:54.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4482 (GCVE-0-2008-4482)
Vulnerability from cvelistv5 – Published: 2008-10-08 01:00 – Updated: 2024-08-07 10:17
VLAI?
Summary
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.701Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xerces-maxoccurs-dos(45596)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
},
{
"name": "31533",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31533"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xerces.apache.org/xerces-c/releases.html"
},
{
"name": "32108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32108"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://issues.apache.org/jira/browse/XERCESC-1051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xerces-maxoccurs-dos(45596)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
},
{
"name": "31533",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31533"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xerces.apache.org/xerces-c/releases.html"
},
{
"name": "32108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32108"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://issues.apache.org/jira/browse/XERCESC-1051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xerces-maxoccurs-dos(45596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
},
{
"name": "31533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31533"
},
{
"name": "http://xerces.apache.org/xerces-c/releases.html",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/releases.html"
},
{
"name": "32108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32108"
},
{
"name": "http://issues.apache.org/jira/browse/XERCESC-1051",
"refsource": "MISC",
"url": "http://issues.apache.org/jira/browse/XERCESC-1051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4482",
"datePublished": "2008-10-08T01:00:00",
"dateReserved": "2008-10-07T00:00:00",
"dateUpdated": "2024-08-07T10:17:09.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1575 (GCVE-0-2004-1575)
Vulnerability from cvelistv5 – Published: 2005-02-20 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:24.195Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109674050017645\u0026w=2"
},
{
"name": "12715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12715"
},
{
"name": "xercescplusplus-xml-parser-dos(17575)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
},
{
"name": "11312",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11312"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109674050017645\u0026w=2"
},
{
"name": "12715",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12715"
},
{
"name": "xercescplusplus-xml-parser-dos(17575)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
},
{
"name": "11312",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11312"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041002 Security advisory - Xerces-C++ 2.5.0: Attribute blowup",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109674050017645\u0026w=2"
},
{
"name": "12715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12715"
},
{
"name": "xercescplusplus-xml-parser-dos(17575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17575"
},
{
"name": "11312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11312"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1575",
"datePublished": "2005-02-20T05:00:00",
"dateReserved": "2005-02-20T00:00:00",
"dateUpdated": "2024-08-08T00:53:24.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}