Lucene search

UbuntuUSN-6579-1

HistoryJan 11, 2024 - 12:00 a.m.

Xerces-C++ vulnerability

2024-01-1100:00:00

ubuntu.com

xerces-c++

ubuntu

esm

xml parser

memory management

external dtds

denial of service

arbitrary code

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.5%

JSON

Releases

Ubuntu 18.04 ESM
Ubuntu 16.04 ESM
Ubuntu 14.04 ESM

Packages

xerces-c - Validating XML parser written in a portable subset of C++

Details

It was discovered that Xerces-C++ was not properly handling memory
management operations when parsing XML data containing external DTDs,
which could trigger a use-after-free error. If a user or automated system
were tricked into processing a specially crafted XML document, an attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchlibxerces-c-samples< 3.2.0+debian-2ubuntu0.1~esm2UNKNOWN
Ubuntu18.04noarchlibxerces-c-dev< 3.2.0+debian-2UNKNOWN
Ubuntu18.04noarchlibxerces-c-doc< 3.2.0+debian-2UNKNOWN
Ubuntu18.04noarchlibxerces-c-samples< 3.2.0+debian-2UNKNOWN
Ubuntu18.04noarchlibxerces-c-samples-dbgsym< 3.2.0+debian-2UNKNOWN
Ubuntu18.04noarchlibxerces-c3.2< 3.2.0+debian-2UNKNOWN
Ubuntu18.04noarchlibxerces-c3.2-dbgsym< 3.2.0+debian-2UNKNOWN
Ubuntu18.04noarchlibxerces-c3.2< 3.2.0+debian-2ubuntu0.1~esm2UNKNOWN
Ubuntu16.04noarchlibxerces-c-samples< 3.1.3+debian-1ubuntu0.1~esm2UNKNOWN
Ubuntu16.04noarchlibxerces-c-dev< 3.1.3+debian-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	18.04	noarch	libxerces-c-samples	< 3.2.0+debian-2ubuntu0.1~esm2	UNKNOWN
Ubuntu	18.04	noarch	libxerces-c-dev	< 3.2.0+debian-2	UNKNOWN
Ubuntu	18.04	noarch	libxerces-c-doc	< 3.2.0+debian-2	UNKNOWN
Ubuntu	18.04	noarch	libxerces-c-samples	< 3.2.0+debian-2	UNKNOWN
Ubuntu	18.04	noarch	libxerces-c-samples-dbgsym	< 3.2.0+debian-2	UNKNOWN
Ubuntu	18.04	noarch	libxerces-c3.2	< 3.2.0+debian-2	UNKNOWN
Ubuntu	18.04	noarch	libxerces-c3.2-dbgsym	< 3.2.0+debian-2	UNKNOWN
Ubuntu	18.04	noarch	libxerces-c3.2	< 3.2.0+debian-2ubuntu0.1~esm2	UNKNOWN
Ubuntu	16.04	noarch	libxerces-c-samples	< 3.1.3+debian-1ubuntu0.1~esm2	UNKNOWN
Ubuntu	16.04	noarch	libxerces-c-dev	< 3.1.3+debian-1	UNKNOWN