Showing 1 - 2 of 2

CVE-2023-37536

Status Candidate

Overview

An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Red Hat Security Advisory 2024-8795-03: Posted Nov 5, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-8795-03 - An update for xerces-c is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include an integer overflow vulnerability.; tags | advisory, overflow; systems | linux, redhat; advisories | CVE-2023-37536; SHA-256 | 3924bba45351c51965ad5890eee8318b2a16049fb4413665b26034948a79369b; Download | Favorite | View

Ubuntu Security Notice USN-6590-1: Posted Jan 19, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6590-1 - It was discovered that Xerces-C++ was not properly handling memory management operations when parsing XML data containing external DTDs, which could trigger a use-after-free error. If a user or automated system were tricked into processing a specially crafted XML document, an attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. It was discovered that Xerces-C++ was not properly performing bounds checks when processing XML Schema Definition files, which could lead to an out-of-bounds access via an HTTP request. If a user or automated system were tricked into processing a specially crafted XSD file, a remote attacker could possibly use this issue to cause a denial of service.; tags | advisory, remote, web, denial of service, arbitrary; systems | linux, ubuntu; advisories | CVE-2018-1311, CVE-2023-37536; SHA-256 | f40dc28e3c1750f24d759d3d0e4256073e4117e784f8a54448ad19d71f59eb02; Download | Favorite | View

Page 1 of 1 Back 1 Next