Computer vulnerabilities of Apache Xerces-C++

vulnerability note CVE-2017-12627

Apache Xerces-C++: NULL pointer dereference via the DTD reference

Synthesis of the vulnerability

An attacker can force Apache Xerces-C++ to dereference a NULL pointer while processing the path to the external DTD, in order to trigger a denial of service.
Impacted products: Xerces-C++, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES.
Severity: 1/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 01/03/2018.
Identifiers: CVE-2017-12627, DLA-1328-1, FEDORA-2018-51ce232320, FEDORA-2018-7b97e553ff, openSUSE-SU-2019:1283-1, SUSE-SU-2018:3277-1, SUSE-SU-2019:0977-1, VIGILANCE-VUL-25404.

Description of the vulnerability

An attacker can force Apache Xerces-C++ to dereference a NULL pointer while processing the path to the external DTD, in order to trigger a denial of service.

vulnerability alert CVE-2016-4463

Apache Xerces-C: denial of service via a deeply nested DTD

Synthesis of the vulnerability

An attacker can submit an XML document including a deeply nested DTD to Apache Xerces-C, in order to trigger a denial of service.
Impacted products: Xerces-C++, Debian, BIG-IP Hardware, TMOS, Fedora, Notes, McAfee Web Gateway, openSUSE, openSUSE Leap, Oracle Communications, RHEL, Shibboleth SP, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 30/06/2016.
Identifiers: 1983969, 1984073, 1987066, 1990410, cpujul2018, CVE-2016-4463, DLA-535-1, DSA-3610-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-84373c5f4f, FEDORA-2016-87e8468465, FEDORA-2016-9284772686, FEDORA-2016-d2d6890690, FEDORA-2018-51ce232320, openSUSE-SU-2016:1808-1, openSUSE-SU-2016:2232-1, RHSA-2018:3335-01, RHSA-2018:3506-01, RHSA-2018:3514-01, SB10276, SOL70191975, SUSE-SU-2018:3277-1, VIGILANCE-VUL-20001.

Description of the vulnerability

The Apache Xerces-C XML parser handles Document Type Definitions (DTD), including the internal part embedded in an XML document.

DTDs are parsed recursively. However, Xerces does not limit the depth of the element definitions in the DTD, so a very deeply nested DTD makes the parser's stack grow until it reaches its limit. This stack overflow kills the application process.

An attacker can therefore submit an XML document including a deeply nested DTD to Apache Xerces-C, in order to trigger a denial of service.

computer vulnerability alert CVE-2016-2099

Apache Xerces-C++: use after free via DTDScanner

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.
Impacted products: Xerces-C++, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, openSUSE Leap, Oracle Communications.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/05/2016.
Revision date: 28/06/2016.
Identifiers: cpujul2018, CVE-2016-2099, DLA-467-1, DSA-3579-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-84373c5f4f, FEDORA-2016-87e8468465, FEDORA-2016-9284772686, FEDORA-2016-d2d6890690, openSUSE-SU-2016:1744-1, openSUSE-SU-2016:1808-1, openSUSE-SU-2016:2232-1, SOL04253390, VIGILANCE-VUL-19566, XERCESC-2066.

Description of the vulnerability

The Apache Xerces-C++ product calls DTDScanner from the XMLReader class, in order to analyze DTD data.

However, if an invalid character is encountered, an exception handler frees a memory area before reusing it.

An attacker can therefore force the usage of a freed memory area in DTDScanner of Apache Xerces-C++, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2016-0729

Apache Xerces-C: buffer overflow

Synthesis of the vulnerability

An attacker can generate a buffer overflow in Apache Xerces-C, in order to trigger a denial of service, and possibly to run code.
Impacted products: Xerces-C++, Debian, Fedora, DB2 UDB, Notes, openSUSE, openSUSE Leap, Oracle Communications, RHEL, Shibboleth SP.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 25/02/2016.
Identifiers: 1610582, 1983969, 1984073, 1987066, 1990410, 2002647, cpuapr2017, cpuoct2018, CVE-2016-0729, DSA-3493-1, FEDORA-2016-0a061f6dd9, FEDORA-2016-7615febbd6, FEDORA-2016-87e8468465, FEDORA-2016-880b91c090, FEDORA-2016-ae9ac16cf3, openSUSE-SU-2016:0966-1, openSUSE-SU-2016:1121-1, RHSA-2016:0430-01, VIGILANCE-VUL-19033.

Description of the vulnerability

The Apache Xerces-C product analyzes XML data.

However, if the size of the data is greater than the size of the storage array, an overflow occurs.

An attacker can therefore generate a buffer overflow in Apache Xerces-C, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2015-0252

Apache Xerces-C++: unreachable memory reading via XMLReader.cpp

Synthesis of the vulnerability

An attacker can force a read at an invalid address in XMLReader.cpp of Apache Xerces-C++, in order to trigger a denial of service.
Impacted products: Xerces-C++, Debian, Fedora, openSUSE, Oracle Communications, RHEL.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 20/03/2015.
Revision date: 04/05/2015.
Identifiers: cpuoct2018, CVE-2015-0252, DSA-3199-1, FEDORA-2015-4228, FEDORA-2015-4251, FEDORA-2015-4285, FEDORA-2015-4321, openSUSE-SU-2016:0966-1, RHSA-2015:1193-01, VIGILANCE-VUL-16432.

Description of the vulnerability

The Apache Xerces-C++ product uses the src/xercesc/internal/XMLReader.cpp file to analyze XML data.

However, several XMLReader.cpp functions try to read a memory area which is not reachable, which triggers a fatal error.

An attacker can therefore force a read at an invalid address in XMLReader.cpp of Apache Xerces-C++, in order to trigger a denial of service.

vulnerability announce CVE-2012-0880

Apache Xerces-C++: denial of service via hash collision

Synthesis of the vulnerability

An attacker can send data generating storage collisions, in order to overload a service.
Impacted products: Xerces-C++.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 22/07/2014.
Identifiers: 787103, CVE-2012-0880, VIGILANCE-VUL-15082.

Description of the vulnerability

The bulletin VIGILANCE-VUL-11254 describes a vulnerability which can be used to create a denial of service on several applications.

This vulnerability also impacts Apache Xerces-C++.

computer vulnerability alert CVE-2009-1885

Apache Xerces C++, Python libexpat: denial of service via DTD

Synthesis of the vulnerability

An attacker can create an XML DTD containing nested parentheses, in order to generate an infinite loop in Apache Xerces C++ or Python libexpat.
Impacted products: Xerces-C++, Fedora, Mandriva Linux, openSUSE, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 10/08/2009.
Identifiers: BID-35986, BID-35988, CVE-2009-1885, FEDORA-2009-8305, FEDORA-2009-8332, FEDORA-2009-8345, FEDORA-2009-8350, FICORA #245608, MDVSA-2009:223, MDVSA-2009:223-1, SUSE-SR:2009:014, VIGILANCE-VUL-8926.

Description of the vulnerability

The Apache Xerces C++ and Python libexpat products handle XML DTDs (Document Type Definitions). They share the same vulnerability.

A DTD contains, for example:
  <!ELEMENT name (#PCDATA)>
However, when there are several nested parentheses, an infinite loop occurs in Apache Xerces C++ or Python libexpat.

An attacker can therefore create a malicious XML DTD, in order to generate a denial of service in applications using Apache Xerces C++ or Python libexpat.