CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
Cantor, Scott
cantor.2 at osu.edu
Mon Mar 14 17:34:18 EDT 2016
> Am I correct that an unpatched system is susceptible to a remote code
> execution, or is it just a service crash?
If you ask me, the answer is I don't know and I assume the worst. If you ask Red Hat, the advisory they issued says they think it's just a crash. You would have to ask them why they concluded that, but the CVE text I provided was consistent in referring to it as a potential remote code execution vulnerability.
-- Scott