Is CVE-2015-0252 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 40%.

What products does CVE-2015-0252 affect?

Tracked products affected include Fedora. Check the version you run to see whether it is affected.

How do I fix CVE-2015-0252?

Apply the vendor fix in your normal patch cycle. Upgrade affected products to a fixed version.

CVE-2015-0252

Q: What is CVE-2015-0252?

CVE-2015-0252 is a medium-severity software vulnerability (Improper input validation) with a CVSS score of 5. internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

MEDIUM severity · CVSS 5 · Improper input validation

5CVSS MEDIUM

Summary

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impactNone

Availability impact—

Exploit probability (EPSS)40%

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (1)

Fedora

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html
http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html