Description
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
References (5)
Core 5
Core References
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
Scores
CVSS v3
8.2
EPSS
0.0138
EPSS Percentile
68.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-190
CWE-680
Status
published
Products (3)
apache/xerces-c\+\+
3.2.3
fedoraproject/fedora
37
hcltech/bigfix_platform
9.0.0 - 9.5.23
Published
Oct 11, 2023
Tracked Since
Feb 18, 2026