Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0252Improper Input Validation in Apache Xerces-c

CWE-20Improper Input ValidationCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer12 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
25.2%
top 3.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Apache Xerces-cDebian LinuxFedoraproject Fedora
Timeline
PublishedMar 24
Latest updateMay 14

Description

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

Debianapache/xerces-c< 3.1.1-5.1+3
NVDapache/xerces-c3.1.1

Also affects: Debian Linux 7.1, Fedora 20, 21, 22

🔴Vulnerability Details

3
GHSA
GHSA-394g-p2rq-jhvm: internal/XMLReader2022-05-14
CVEList
CVE-2015-0252: internal/XMLReader2015-03-24
OSV
CVE-2015-0252: internal/XMLReader2015-03-24

💥Exploits & PoCs

1
Exploit-DB
Apache Xerces-C XML Parser < 3.1.2 - Denial of Service (PoC)2015-05-04

📋Vendor Advisories

2
Red Hat
xerces-c: crashes on malformed input2015-03-20
Debian
CVE-2015-0252: xerces-c - internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers t...2015

💬Community

5
Bugzilla
CVE-2015-0252 mingw-xerces-c: xerces-c: crashes on malformed input [fedora-all]2015-03-20
Bugzilla
CVE-2015-0252 xerces-c: crashes on malformed input [epel-6]2015-03-20
Bugzilla
CVE-2015-0252 xerces-c: crashes on malformed input [fedora-all]2015-03-20
Bugzilla
CVE-2015-0252 xerces-c27: xerces-c: crashes on malformed input [fedora-all]2015-03-20
Bugzilla
CVE-2015-0252 xerces-c: crashes on malformed input2015-03-05
CVE-2015-0252 — Improper Input Validation in Apache | cvebase