CVE-2008-4482Improper Input Validation in Apache Xerces-c

CWE-20Improper Input Validation4 documents4 sources
Severity
7.8HIGHNVD
EPSS
2.0%
top 16.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Xerces-c
Timeline
PublishedOct 8
Latest updateMay 2

Description

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

NVDapache/xerces-c2.8.0+17

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-37q4-89pv-rvxq: The XML parser in Xerces-C++ before 32022-05-02
CVEList
CVE-2008-4482: The XML parser in Xerces-C++ before 32008-10-08

📋Vendor Advisories

1
Red Hat
CVE-2008-4482: The XML parser in Xerces-C++ before 3
CVE-2008-4482 — Improper Input Validation in Apache | cvebase