CVE-2016-4463

Published: Jul 8, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

x_refsource_CONFIRM

https://issues.apache.org/jira/browse/XERCESC-2069

x_refsource_CONFIRM

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=10510&version=12336069

x_refsource_CONFIRM

RHSA-2018:3335

vendor-advisory

x_refsource_REDHAT

DSA-3610

vendor-advisory

x_refsource_DEBIAN

1036211

vdb-entry

x_refsource_SECTRACK

openSUSE-SU-2016:2232

vendor-advisory

x_refsource_SUSE

RHSA-2018:3506

vendor-advisory

x_refsource_REDHAT

RHSA-2018:3514

vendor-advisory

x_refsource_REDHAT

91501

vdb-entry

x_refsource_BID

http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt

x_refsource_CONFIRM

20160629 CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

mailing-list

x_refsource_BUGTRAQ

http://packetstormsecurity.com/files/137714/Apache-Xerces-C-XML-Parser-Crash.html

x_refsource_MISC

openSUSE-SU-2016:1808

vendor-advisory

x_refsource_SUSE

https://www.oracle.com/security-alerts/cpuapr2020.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2016-4463

Description

Affected Products

References