CVE-2009-1885
N/A
Description
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
CVE Details
CVSS v3.1 score: N/A
Published: 8/11/2009
Last modified: 4/23/2026
Source: nvd
Honeypot sightings: 0
Affected products
apache:xerces-c++
Weaknesses (CWE)
CWE-119
References
http://secunia.com/advisories/36201 (secalert@redhat.com)
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch (secalert@redhat.com)
http://svn.apache.org/viewvc?view=rev&revision=781488 (secalert@redhat.com)
http://www.cert.fi/en/reports/2009/vulnerability2009085.html (secalert@redhat.com)
http://www.codenomicon.com/labs/xml/ (secalert@redhat.com)
http://www.mandriva.com/security/advisories?name=MDVSA-2009:223 (secalert@redhat.com)
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html (secalert@redhat.com)
http://www.securityfocus.com/bid/35986 (secalert@redhat.com)
http://www.vupen.com/english/advisories/2009/2196 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=515515 (secalert@redhat.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52321 (secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html (secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html (secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html (secalert@redhat.com)
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.