CVE-2024-23807: Apache Xerces C++: Use-after-free on external DTD scan

Posted by Arnout Engelen on Feb 16

Severity: moderate

Affected versions:

– Apache Xerces C++ 3.0.0 before 3.2.5

Description:

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the
scanning of external DTDs.

Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD
processing. This can be accomplished via the DOM using a standard parser feature, or via SAX…