What is CVE-2015-0252?

CVE-2015-0252 is a vulnerability in Apache Xerces-c\+\+, classified under Improper Input Validation. Published 2015-03-24.

Is CVE-2015-0252 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Xerces-c\+\+

CVE-2015-0252

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.399 (98.4th percentile) — read the EPSS interpretation.

Affected products

Apache Xerces-c\+\+
Debian Debian_linux — versions 7.1
Fedoraproject Fedora — versions 20, 21, 22
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

secalert@redhat.com (vendor-advisory, x_refsource_DEBIAN)
secalert@redhat.com (vdb-entry, x_refsource_BID)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)
secalert@redhat.com (vendor-advisory, x_refsource_FEDORA)

Frequently asked questions

What is CVE-2015-0252?: CVE-2015-0252 is a vulnerability in Apache Xerces-c\+\+, classified under Improper Input Validation. Published 2015-03-24.
Is CVE-2015-0252 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.