FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xerces-c2 -- Attribute blowup denial-of-service

Affected packages
xerces-c2 < 2.6.0

Details

VuXML ID 76301302-1d59-11d9-814e-0001020eed82
Discovery 2004-10-02
Entry 2004-10-13
Modified 2004-10-14

Amit Klein reports about Xerces-C++:

An attacker can craft a malicious XML document, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (XML parser). The result of this attack is that the XML parser consumes all the CPU.

[source]

References

Bugtraq ID 11312
Message 415F00A8.13029.1FAADB7@localhost

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.