Unrated severity · NVD Advisory · Published Oct 11, 2023 · Updated Feb 13, 2025
HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3
CVE-2023-37536
Description
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bounds access via an HTTP request.
Affected products (17)
- Range: = 3.2.3
- osv-coords (15 versions):
  - pkg:rpm/opensuse/xerces-c&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/xerces-c&distro=openSUSE%20Leap%2015.5
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Enterprise%20Storage%207.1
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-ESPOS
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3
  - pkg:rpm/suse/xerces-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

  < 3.2.3-150300.3.3.2 (+ 14 more)
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.1.4-150200.10.8.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.1.1-13.9.1
- (no CPE) range: < 3.1.4-150200.10.8.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.1.1-13.9.1
- (no CPE) range: < 3.1.4-150200.10.8.2
- (no CPE) range: < 3.2.3-150300.3.3.2
- (no CPE) range: < 3.1.1-13.9.1
- Range: 9.5 - 9.5.22, 10 - 10.0.9
References (5)
- lists.debian.org/debian-lts-announce/2023/12/msg00027.html (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/ (mitre)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/ (mitre)
- support.hcltechsw.com/csm (mitre)