1. Home
  2. CVE Database
  3. CVE-2009-1885
MEDIUM · 4.3

CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors in...

Vulnerability Description

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P
Confidentiality
NONE
Integrity
NONE
Availability
PARTIAL

Affected Products

VendorProductVersions
ApacheXerces-C\+\+2.7.0

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2009-1885?

CVE-2009-1885 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors in...

How severe is CVE-2009-1885?

CVE-2009-1885 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-1885?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Xerces-C\+\+.