FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xerces-c2 -- Attribute blowup denial-of-service

Affected packages
xerces-c2 < 2.6.0


VuXML ID 76301302-1d59-11d9-814e-0001020eed82
Discovery 2004-10-02
Entry 2004-10-13
Modified 2004-10-14

Amit Klein reports about Xerces-C++:

An attacker can craft a malicious XML document, which uses XML attributes in a way that inflicts a denial of service condition on the target machine (XML parser). The result of this attack is that the XML parser consumes all the CPU.


Bugtraq ID 11312
Message 415F00A8.13029.1FAADB7@localhost