Description
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
References (5)
Scores
CVSS v3
8.2
EPSS
0.0100
EPSS Percentile
77.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-190
CWE-680
Status
published
Products (3)
apache/xerces-c\+\+
3.2.3
fedoraproject/fedora
37
hcltech/bigfix_platform
9.0.0 - 9.5.23
Published
Oct 11, 2023
Tracked Since
Feb 18, 2026