Denial of service in Apache Xerces2

Moderate severity. GitHub Reviewed. Published Jun 15, 2020 to the GitHub Advisory Database. Updated Feb 1, 2023.

Package

xerces:xercesImpl (Maven)

Affected versions

< 2.10.0

Patched versions

2.10.0

Description

XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.

References

Published by the National Vulnerability Database Aug 6, 2009
Reviewed Jun 15, 2020
Published to the GitHub Advisory Database Jun 15, 2020
Last updated Feb 1, 2023

Severity

Moderate

Weaknesses

No CWEs

CVE ID

CVE-2009-2625

GHSA ID

GHSA-334p-wv2m-w3vp

Source code

No known source code