Update Mon Jun 3 18:09:12 UTC 2024

trickest · Jun 3, 2024 · 8e308f2 · 8e308f2
1 parent a1a0e77
commit 8e308f2
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/2009/CVE-2009-1885.md b/2009/CVE-2009-1885.md
@@ -0,0 +1,17 @@
+### [CVE-2009-1885](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1885)
+![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
+![](https://img.shields.io/static/v1?label=Version&message=%3D%20n%2Fa%20&color=brighgreen)
+![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
+
+### Description
+
+Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
+
+### POC
+
+#### Reference
+- https://bugzilla.redhat.com/show_bug.cgi?id=515515
+
+#### Github
+No PoCs found on GitHub currently.
+
diff --git a/references.txt b/references.txt
@@ -15453,6 +15453,7 @@ CVE-2009-1873 - https://www.exploit-db.com/exploits/9443
 CVE-2009-1879 - http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss/
 CVE-2009-1882 - http://imagemagick.org/script/changelog.php
 CVE-2009-1883 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9513
+CVE-2009-1885 - https://bugzilla.redhat.com/show_bug.cgi?id=515515
 CVE-2009-1887 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9716
 CVE-2009-1890 - http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
 CVE-2009-1890 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9403