Buffer overflow in Apache Xerces-c++
CVE-2009-1885
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid…
Vulnerability class: Buffer Overflow
EPSS: 0.053 (91.6th percentile)
Affected products
- Apache Xerces-c++ — versions 2.7.0, 2.8.0