Red Hat Security Advisory 2015-1193-01 - Xerces-C is a validating XML parser written in a portable subset of C++. A flaw was found in the way the Xerces-C XML parser processed certain XML documents. A remote attacker could provide specially crafted XML input that, when parsed by an application using Xerces-C, would cause that application to crash. All xerces-c users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
f53c22d063cac6510e87555a911ccca5902d8eb1bbcfe85374a148575fb20968Apache Xerces-C XML Parser versions prior to 3.1.2 denial of service proof of concept exploit.
30488ede2d26367dc473ba4f0b4e4ca46266e68ea2122a7b653d4edb9c6d6595Debian Linux Security Advisory 3199-1 - Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. An unauthenticated attacker could use this flaw to cause an application using the xerces-c library to crash.
fe40402cd6a4bce3afcddae3aa6bb1ca5dc1d4a4c234a62b94defe6a4e6c221aThe Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but is a denial of service attack that in many applications may allow for an unauthenticated attacker to supply malformed input and cause a crash. Versions of the library prior to 3.1.2 are affected.
3dd245d7876fe454d3a8c1ec13a6484e7872039a9697ae145a93ae658dfca1a2
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed