CVE-2023-37536 – HCL BigFix Platform is vulnerable to an integer overflow in xerces-c++ 3.2.3

https://notcve.org/view.php?id=CVE-2023-37536

11 Oct 2023 — An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. Un desbordamiento de enteros de xerces-c++ 3.2.3 en BigFix Platform permite a atacantes remotos provocar acceso fuera de límites a través de una solicitud HTTP. An integer overflow exists in xerces-c++. This flaw allows an attacker using a specially crafted HTTP request payload to trigger an out-of-bounds read, resulting in a loss of confidentiality, integrity, and availability. ... • https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •