DSA-3610-1 xerces-c -- xerces-c
ID: oval:org.secpod.oval:def:602548 | Date: (C)2016-07-04 (M)2023-07-25 | Class: PATCH | Family: unix
Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a deeply nested DTD, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-c library. Additionally, this update includes an enhancement that lets applications fully disable DTD processing through the use of an environment variable.