SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Apache Xerces Vendors:   Apache Software Foundation
Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash
SecurityTracker Alert ID:  1036211
SecurityTracker URL:  http://securitytracker.com/id/1036211
CVE Reference:   CVE-2016-4463   (Links to External Site)
Date:  Jun 30 2016
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.1.4
Description:   A vulnerability was reported in Apache Xerces. A remote user can cause the target application to crash.

A remote user can create a specially crafted DTD file that is deeply nested that, when processed by the target application, will trigger a stack overflow in the xml parser library and cause the target application using the library to crash.

Brandon Perry reported this vulnerability.

Impact:   A remote user can cause the target application to crash.
Solution:   The vendor has issued a fix (3.1.4).

The vendor's advisory is available at:

http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt

Vendor URL:  xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 16 2016 (IBM Issues Fix for IBM DB2) Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash
IBM has issued a fix for IBM DB2.
Oct 30 2018 (Red Hat Issues Fix) Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash
Red Hat has issued a fix for Red Hat Enterprise Linux 7.
Nov 12 2018 (Oracle Issues Fix for Oracle Linux) Apache Xerces DTD Parsing Stack Overflow Lets Remote Users Cause the Target Application to Crash
Oracle has issued a fix for Oracle Linux 7.



 Source Message Contents

Subject:  [oss-security] CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions
prior to V3.1.4

Description: The Xerces-C XML parser fails to successfully parse a
DTD that is deeply nested, and this causes a stack overflow, which
makes a denial of service attack against many applications possible
by an unauthenticated attacker.

Mitigation: Applications that are using library versions older than
V3.1.4 should upgrade as soon as possible. Distributors of older
versions should apply the patches from this subversion revision:

http://svn.apache.org/viewvc?view=3Drevision&revision=3D1747619

Note that the nesting limit is currently implemented as a compile-time
constant in order to maintain ABI-compatibility.

In addition, a related enhancement was made to enable applications
to fully disable DTD processing through the use of an environment
variable. Distributors of older versions are urged to incorporate
this patch to enable applications to more fully protect themselves
from future issues if they do not require DTD support. This change
is ABI-compatible and can be found in this subversion revision:

http://svn.apache.org/viewvc?view=3Drevision&revision=3D1747620

Credit: This issue was reported by Brandon Perry.

References:
http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXXqPQAAoJEDeLhFQCJ3liyRwQAI5aUjhKtZtw+51EgNizpuLa
dvfEP27anUXLKwLXt+WIfogW3TLQ4HwyiszanO4YTlwz3qbKO3TJQXdT4kTQx6/k
KhWr7+vsn7pBEPiiC7kj3lH7QHCd+T8/W+Xik/rKDFV1qAAKuoFgYJ31qED8I65z
371Tdm+p2QE4Nh9M7k7LUs+yWu5XdwJIS61L3R/MpEptynuo7Onbp+sjF6OQCZHc
u1KJ3zAlKzP4iwtxKjvoXqOnLgYwjtqC2p7nYBEXOEn4DA4Q/PMrfdYIebjUo/Wy
CeIN5TGJ2aunMkVK0RgxCqjr0sl2cYqY8iegUqp9Iz4+rMpy5ZDLNyyjgbXgSY73
8145xO2tscLs7bLXAXUGbLlOPxnDqVieGlYyHICFnl58I4ekfhwtMmd9d2WOlaVE
7NEPTorFiHI+wdK2yebCLAMaJbL9KJQiJa/4xw9qvpZ4DQ7aein9jq7fklQ62crc
Ff4h4icX4icM1/s1tvcEM1lZw8Td4UyXkwvoEmfZg7dVy4NW+XM/Kn4FUCPRnC9A
XVAabL3K290Mz77YLqUTk733w1q/lFCxgOCJF18/OJef2azMn74QgFbLcBD16i2O
FNxdtPsSRGNsfOGN08Uiwg9RN6uqoZ6Rxwq3hEcAiufYQHFiXldlS26koP2QMk03
gNuHTr22AcR0ZgoW9GYP
=3Deilz
-----END PGP SIGNATURE-----
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC