CVE-2009-1885
published 2009-08-11
medium 4.3 CVSS 3.1
AV:N/AC:M/Au:N/C:N/I:N/A:P
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | xerces-c | — | — |
| apache | xerces-c | — | — |
| apache | xerces-c | >= 0 < 3.0.1-2 | 3.0.1-2 |
| apache | xerces-c | >= 0 < 3.0.1-2 | 3.0.1-2 |
| apache | xerces-c | >= 0 < 3.0.1-2 | 3.0.1-2 |
| apache | xerces-c | >= 0 < 3.0.1-2 | 3.0.1-2 |
| debian | xerces-c | < xerces-c 3.0.1-2 (bookworm) | xerces-c 3.0.1-2 (bookworm) |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | 4.3 | MEDIUM | |