VYPR
Unrated severityNVD Advisory· Published Oct 8, 2008· Updated Jun 16, 2026

CVE-2008-4482

CVE-2008-4482

Description

The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

19
  • Apache/Xerces C\+\+19 versions
    cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*+ 18 more
    • cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*range: <=2.8.0
    • cpe:2.3:a:apache:xerces-c\+\+:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:xerces-c\+\+:2.7.0:*:*:*:*:*:*:*
    • (no CPE)range: <3.0.0

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.