CVE-2023-37536
HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3
In short
HCL BigFix Platform contains a vulnerability in its XML processing library (xerces-c++) that allows remote attackers to send specially crafted HTTP requests, causing the software to access memory outside safe boundaries and potentially crash or leak data.
Technical detail
An integer overflow in the xerces-c++ 3.2.3 XML parser bundled with BigFix Platform lets a remote attacker trigger out-of-bounds memory access by sending a malformed HTTP request carrying crafted XML. The CVSS vector on this page rates the attack as requiring low privileges and user interaction (PR:L, UI:R), so it should not be described as unauthenticated. The official description does not say whether the out-of-bounds access is a read or a write; the scoring (A:H, C:L, I:L) treats denial of service as the main impact, with limited information disclosure or data corruption possible.
Summary generated and translated by AI from the official description.
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H (base score 8.2, High)
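The bug class behind the description, shown as an added example rather than code from xerces-c++ or HCL: the page does not say where in the parser the overflow occurs, so this models a generic growable UTF-16 text buffer of the kind XML parsers keep while scanning character data. The unchecked variant computes `len + n` in 32-bit arithmetic; for an attacker-chosen length the sum wraps, the capacity check passes, and the copy runs past the allocation. The hardened variant bounds the request and checks every arithmetic step with `__builtin_add_overflow`/`__builtin_mul_overflow` (GCC and Clang). The type and limit names (`ubuf_t`, `UBUF_MAX_APPEND`) and the sample input are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model of a parser's growable UTF-16 text buffer: `len` and
 * `cap` count 16-bit code units. This is illustrative code, not xerces-c++;
 * the exact site of the CVE-2023-37536 overflow is not described on this page.
 */
typedef struct {
    uint16_t *data;
    uint32_t len;   /* code units in use */
    uint32_t cap;   /* code units allocated */
} ubuf_t;

/* Largest single append a caller may request. A hard input limit is the
 * cheapest defence when the producer (here, an HTTP body) is untrusted. */
#define UBUF_MAX_APPEND (1u << 24)

/* The bug class: `len + n` evaluated in 32 bits wraps around. Unsigned wrap
 * is defined behaviour, so no compiler diagnostic or crash marks the spot. */
bool append_would_wrap(uint32_t len, uint32_t n)
{
    uint32_t need = len + n;
    return need < len;              /* true iff the addition wrapped */
}

/* Vulnerable pattern: the wrapped `need` passes the capacity check, so the
 * memcpy below writes `n` code units into a buffer that holds far fewer. */
int ubuf_append_vuln(ubuf_t *b, const uint16_t *src, uint32_t n)
{
    uint32_t need = b->len + n;     /* wraps for n near UINT32_MAX */
    if (need > b->cap) {
        uint16_t *p = realloc(b->data, (size_t)need * sizeof(uint16_t));
        if (!p) return -1;
        b->data = p;
        b->cap = need;
    }
    memcpy(b->data + b->len, src, (size_t)n * sizeof(uint16_t)); /* OOB when wrapped */
    b->len = need;
    return 0;
}

/* Hardened form: the request is bounded and every arithmetic step is
 * overflow-checked before any memory is allocated or written. */
int ubuf_append_safe(ubuf_t *b, const uint16_t *src, uint32_t n)
{
    uint32_t need;
    size_t bytes;

    if (n > UBUF_MAX_APPEND) return -1;
    if (__builtin_add_overflow(b->len, n, &need)) return -1;
    if (need > b->cap) {
        if (__builtin_mul_overflow((size_t)need, sizeof(uint16_t), &bytes)) return -1;
        uint16_t *p = realloc(b->data, bytes);
        if (!p) return -1;
        b->data = p;
        b->cap = need;
    }
    memcpy(b->data + b->len, src, (size_t)n * sizeof(uint16_t));
    b->len = need;
    return 0;
}

/* Scenario on constructed input: two normal appends, then a length chosen so
 * that `len + n` wraps. Returns the final length (11) if the safe path behaved,
 * or -1 if it ever accepted a request it should have refused. */
int64_t demo_safe_append(void)
{
    ubuf_t b = {0};
    const uint16_t hello[] = { 'h', 'e', 'l', 'l', 'o' };
    const uint16_t world[] = { ' ', 'w', 'o', 'r', 'l', 'd' };

    if (ubuf_append_safe(&b, hello, 5) != 0) { free(b.data); return -1; }
    if (ubuf_append_safe(&b, world, 6) != 0) { free(b.data); return -1; }

    /* 11 + (UINT32_MAX - 3) wraps to 7 in 32 bits; the safe path must reject
     * it before touching memory, and the earlier contents must be intact. */
    if (ubuf_append_safe(&b, hello, UINT32_MAX - 3) == 0) { free(b.data); return -1; }
    if (b.len != 11 || b.data[6] != 'w') { free(b.data); return -1; }

    int64_t result = b.len;
    free(b.data);
    return result;
}
```

The vulnerable routine is kept only for side-by-side reading; the scenario calls the safe path alone, because invoking `ubuf_append_vuln` with a wrapping length is exactly the out-of-bounds write the advisory describes. Building with `-fsanitize=address` (or `-ftrapv`/`-fsanitize=unsigned-integer-overflow` in Clang) is the quickest way to surface this class in a native parser you cannot yet patch.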
Affected products
HCL Software · BigFix Platform
References
https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791