The XML parser in Xerces-C++ prior to 3.0.0 allows context-dependent malicious users to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
Vulnerable Product |
---|
apache xerces-c++ 2.4.0 |
apache xerces-c++ 2.3.0 |
apache xerces-c++ 1.4.0 |
apache xerces-c++ 1.3.0 |
apache xerces-c++ 2.7.0 |
apache xerces-c++ 2.6.0 |
apache xerces-c++ 1.6.0 |
apache xerces-c++ 1.5.0 |
apache xerces-c++ 2.2.0 |
apache xerces-c++ 2.1.0 |
apache xerces-c++ 1.2.0 |
apache xerces-c++ 1.1.0 |
apache xerces-c++ 2.5.0 |
apache xerces-c++ |
apache xerces-c++ 2.0.0 |
apache xerces-c++ 1.7.0 |
apache xerces-c++ 1.0.1 |
apache xerces-c++ 1.0.0 |