CVE-2009-2625

Priority
Description
XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime
Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0
before Update 20, and in other products, allows remote attackers to cause a
denial of service (infinite loop and application hang) via malformed XML
input, as demonstrated by the Codenomicon XML fuzzing framework.
Notes
jdstrandthis originally come out as a bug in expat (#1990430).
CVE-2009-3720 was later assigned to this identical issue, since
this issue was worded as a Java vulnerability. Our USN references
this CVE and CVE-2009-3720 will be ignored.
Package
Upstream:released (6b16)
Package
Upstream:released (1.5.0-20)
Package
Upstream:released (6.15)
More Information

Updated: 2020-03-18 22:00:30 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)