Lucene search
HistoryOct 08, 2008 - 2:00 a.m.
CVE-2008-4482
xerces-c++
xml parser
cve-2008-4482
denial of service
nvd
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
6.2 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.1%
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
Affected configurations
Node
apachexerces-c\+\+Range≤2.8.0
ORapachexerces-c\+\+Match1.0.0
ORapachexerces-c\+\+Match1.0.1
ORapachexerces-c\+\+Match1.1.0
ORapachexerces-c\+\+Match1.2.0
ORapachexerces-c\+\+Match1.3.0
ORapachexerces-c\+\+Match1.4.0
ORapachexerces-c\+\+Match1.5.0
ORapachexerces-c\+\+Match1.6.0
ORapachexerces-c\+\+Match1.7.0
ORapachexerces-c\+\+Match2.0.0
ORapachexerces-c\+\+Match2.1.0
ORapachexerces-c\+\+Match2.2.0
ORapachexerces-c\+\+Match2.3.0
ORapachexerces-c\+\+Match2.4.0
ORapachexerces-c\+\+Match2.5.0
ORapachexerces-c\+\+Match2.6.0
ORapachexerces-c\+\+Match2.7.0
Related
nessus
nessus
GLSA-200903-19 : Xerces-C++: Denial of Service
2009-03-10 00:00:00
gentoo
gentoo
Xerces-C++: Denial of service
2009-03-09 00:00:00
nvd
nvd
CVE-2008-4482
2008-10-08 02:00:01
ubuntucve
ubuntucve
CVE-2008-4482
2008-10-08 00:00:00
prion
prion
Design/Logic Flaw
2008-10-08 02:00:00
redhatcve
redhatcve
CVE-2008-4482
2015-10-30 10:13:56
openvas
openvas
Gentoo Security Advisory GLSA 200903-19 (xerces-c)
2009-03-13 00:00:00
Gentoo Security Advisory GLSA 200903-19 (xerces-c)
2009-03-13 00:00:00
cvelist
cvelist
CVE-2008-4482
2008-10-08 01:00:00
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
6.2 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
68.1%
Related for CVE-2008-4482