
Apache Xerces-C XML Parser Crash

Posted Mar 21, 2015
Authored by Scott Cantor | Site xerces.apache.org

The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but it is a denial of service vulnerability: in many applications an unauthenticated attacker may be able to supply malformed input and cause a crash. Versions of the library prior to 3.1.2 are affected.

tags | advisory, remote, denial of service, code execution
advisories | CVE-2015-0252
SHA-256 | 3dd245d7876fe454d3a8c1ec13a6484e7872039a9697ae145a93ae658dfca1a2


CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.2

Description: The Xerces-C XML parser mishandles certain kinds of
malformed input documents, resulting in a segmentation fault during
a parse operation. The bug does not appear to allow for remote code
execution, but is a denial of service attack that in many applications
may allow for an unauthenticated attacker to supply malformed input
and cause a crash.

Mitigation: Applications that are using library versions older than
V3.1.2 should upgrade as soon as possible. Distributors of older versions
should apply the patches from this subversion revision:

http://svn.apache.org/viewvc?view=revision&revision=1667870

Credit: This issue was reported independently by Anton Rager and Jonathan
Brossard from the Salesforce.com Product Security Team and by Ben Laurie
of Google.

References:
http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt


