FreeBSD : xerces-c3 -- Parser Crashes on Malformed Input (a7f2e9c6-de20-11e5-8458-6cc21735f730)
High Nessus Plugin ID 89015
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionThe Apache Software Foundation reports :
The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution.
SolutionUpdate the affected package.