CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/36201	Vendor Advisory
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch
http://svn.apache.org/viewvc?view=rev&revision=781488	Exploit
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.mandriva.com/security/advisories?name=MDVSA-2009:223
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
http://www.securityfocus.com/bid/35986
http://www.vupen.com/english/advisories/2009/2196	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=515515	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/52321
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html
http://secunia.com/advisories/36201	Vendor Advisory
http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch
http://svn.apache.org/viewvc?view=rev&revision=781488	Exploit
http://www.cert.fi/en/reports/2009/vulnerability2009085.html
http://www.codenomicon.com/labs/xml/
http://www.mandriva.com/security/advisories?name=MDVSA-2009:223
http://www.networkworld.com/columnists/2009/080509-xml-flaw.html
http://www.securityfocus.com/bid/35986
http://www.vupen.com/english/advisories/2009/2196	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=515515	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/52321
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:xerces-c\+\+:2.7.0:::::::*
	cpe:2.3:a:apache:xerces-c\+\+:2.8.0:::::::*

History

21 Nov 2024, 01:03

Information

Published : 2009-08-11 18:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-1885

Mitre link : CVE-2009-1885

CVE.ORG link : CVE-2009-1885

JSON object : View

Products Affected

apache

xerces-c\+\+

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2009-1885", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-08-11T18:30:00.877", "references": [{"url": "http://secunia.com/advisories/36201", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch", "source": "secalert@redhat.com"}, {"url": "http://svn.apache.org/viewvc?view=rev&revision=781488", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", "source": "secalert@redhat.com"}, {"url": "http://www.codenomicon.com/labs/xml/", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223", "source": "secalert@redhat.com"}, {"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/35986", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2009/2196", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515515", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html", "source": "secalert@redhat.com"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/36201", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=781488&r2=781487&pathrev=781488&view=patch", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.apache.org/viewvc?view=rev&revision=781488", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.codenomicon.com/labs/xml/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:223", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/35986", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/2196", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515515", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52321", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01099.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01136.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01150.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in \"simply nested DTD structures,\" as demonstrated by the Codenomicon XML fuzzing framework."}, {"lang": "es", "value": "Vulnerabilidad de agotamiento de pila en validators/DTD/DTDScanner.cpp en Apache Xerces C++ v2.7.0 y v2.8.0 permite a atacantes dependientes de contexto producir una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de vectores que incluyen el uso de par\u00e9ntesis anidados y unos valores de byte no validos en \"estructuras simples anidadas DTD\", como se demostro en Codenomicon XML fuzzing framework."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:xerces-c\\+\\+:2.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00E71C8D-D4DF-4F54-8CF8-D2AA67AC5690"}, {"criteria": "cpe:2.3:a:apache:xerces-c\\+\\+:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C868E93-96F3-4199-83C8-B5055629911A"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1885\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future xerces-c packages update in Red Hat Enterprise MRG 1.1 may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/", "lastModified": "2009-08-12T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}

4.3 /10