Severity: Critical
Vendor: The Apache Software Foundation
Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.3
Description: The Xerces-C XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. Because the malformed document is all
that is required to trigger them, the bugs allow an unauthenticated attacker
to mount a denial of service attack against many applications that parse
untrusted XML, and could conceivably result in remote code execution.
Mitigation: Applications that are using library versions older than
V3.1.3 should upgrade as soon as possible. Distributors of older versions
should apply the patches from this subversion revision:
http://svn.apache.org/viewvc?
Credit: This issue was reported by Gustavo Grieco.
References:
http://xerces.apache.org/