CVE-2009-1885

medium Apache
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS Score
14.1%
Exploitation probability in 30 days
Top 6% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
None
Availability
P
Published: August 11, 2009 (6120 days ago)
Last Modified: April 23, 2026
Vendor: Apache
Source: NVD

Description

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.

CWE

CWE-119

Affected Products

apache xerces-c\+\+

References

🔗 secunia.com 🔗 svn.apache.org 🔗 svn.apache.org 🔗 www.cert.fi 🔗 www.codenomicon.com