Remote Integer Overflow in xerces-c++ 3.2.3 (BigFix Platform)
CVE-2023-37536 Published on October 11, 2023

HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

NVD

Vulnerability Analysis

CVE-2023-37536 is exploitable with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
HIGH

Weakness Type

Integer Overflow to Buffer Overflow

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.


Products Associated with CVE-2023-37536

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-37536 are published in these products:

Hcltech Bigfix Platform
 
Apache Xerces C
 
Fedora Project Fedora
 
Canonical Ubuntu Linux
 
Oracle
 
IBM Bigfix Platform
 

Affected Versions

HCL Software BigFix Platform: hcltech bigfix_platform: fedoraproject fedora: apache xerces-c\+\+:

Exploit Probability

EPSS
1.08%
Percentile
77.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.