Описание
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | xerces-c | Not affected | ||
| Red Hat Enterprise MRG 2 | xerces-c | Will not fix | ||
| Red Hat Enterprise MRG 3 | xerces-c | Will not fix | ||
| Red Hat OpenShift Enterprise 2 | xerces-c | Will not fix | ||
| Red Hat Enterprise Linux 7 | xerces-c | Fixed | RHSA-2016:0430 | 10.03.2016 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.
Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLU ...
EPSS
6.8 Medium
CVSS2