Vulnerability Details CVE-2008-4482
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.6%
CVSS Severity
CVSS v2 Score 7.8
References
- http://issues.apache.org/jira/browse/XERCESC-1051
- http://secunia.com/advisories/32108
- http://www.securityfocus.com/bid/31533
- http://xerces.apache.org/xerces-c/releases.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45596
- http://issues.apache.org/jira/browse/XERCESC-1051
- http://secunia.com/advisories/32108
- http://www.securityfocus.com/bid/31533
- http://xerces.apache.org/xerces-c/releases.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45596
Products affected by CVE-2008-4482
-
cpe:2.3:a:apache:xerces-c++:-
-
cpe:2.3:a:apache:xerces-c++:1.0.0
-
cpe:2.3:a:apache:xerces-c++:1.0.1
-
cpe:2.3:a:apache:xerces-c++:1.1.0
-
cpe:2.3:a:apache:xerces-c++:1.2.0
-
cpe:2.3:a:apache:xerces-c++:1.3.0
-
cpe:2.3:a:apache:xerces-c++:1.4.0
-
cpe:2.3:a:apache:xerces-c++:1.5.0
-
cpe:2.3:a:apache:xerces-c++:1.5.1
-
cpe:2.3:a:apache:xerces-c++:1.5.2
-
cpe:2.3:a:apache:xerces-c++:1.6.0
-
cpe:2.3:a:apache:xerces-c++:1.7.0
-
cpe:2.3:a:apache:xerces-c++:2.0.0
-
cpe:2.3:a:apache:xerces-c++:2.1.0
-
cpe:2.3:a:apache:xerces-c++:2.2.0
-
cpe:2.3:a:apache:xerces-c++:2.3.0
-
cpe:2.3:a:apache:xerces-c++:2.4.0
-
cpe:2.3:a:apache:xerces-c++:2.5.0
-
cpe:2.3:a:apache:xerces-c++:2.6.0
-
cpe:2.3:a:apache:xerces-c++:2.7.0
-
cpe:2.3:a:apache:xerces-c++:2.8.0