You are viewing a plain text version of this content. The canonical link for it is here.

Posted to j-dev@xerces.apache.org by "Danny Trunk (Jira)" <xe...@xml.apache.org> on 2023/06/21 14:50:00 UTC

[jira] [Created] (XERCESJ-1756) CVE-2017-10355

Danny Trunk created XERCESJ-1756:
------------------------------------

             Summary: CVE-2017-10355
                 Key: XERCESJ-1756
                 URL: https://issues.apache.org/jira/browse/XERCESJ-1756
             Project: Xerces2-J
          Issue Type: Task
    Affects Versions: 2.12.2
            Reporter: Danny Trunk


*CVE-2017-10355* (OSSINDEX)  

 

sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS) The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

CWE-833 Deadlock

CVSSv3:
 * Base Score: MEDIUM (5.9)
 * Vector: CVSS:/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H


References:
 * OSSINDEX - [[CVE-2017-10355] CWE-833: Deadlock|https://ossindex.sonatype.org/vulnerability/CVE-2017-10355?component-type=maven&component-name=xerces%2FxercesImpl&utm_source=dependency-check&utm_medium=integration&utm_content=8.2.1]
 * OSSIndex - [https://blogs.securiteam.com/index.php/archives/3271]

 

Vulnerable Software & Versions (OSSINDEX):
 * cpe:2.3:a:xerces:xercesImpl:2.12.2:*:*:*:*:*:*:*



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: j-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-dev-help@xerces.apache.org