{"id":"CVE-2023-37536","details":"An integer overflow in Xerces-C++ 3.2.3 in BigFix Platform allows remote attackers to cause an out-of-bounds access via an HTTP request.","modified":"2026-03-15T21:45:02.156177Z","published":"2023-10-11T07:15:10.580Z","related":["SUSE-SU-2023:4543-1","SUSE-SU-2023:4586-1","SUSE-SU-2023:4715-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAOSSJ72CUJ535VRWTCVQKUYT2LYR3OM/"},{"type":"ADVISORY","url":"https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107791"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-37536.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.2.3"}]},{"events":[{"introduced":"9.0.0"},{"fixed":"9.5.23"}]},{"events":[{"introduced":"10.0.0"},{"fixed":"10.0.10"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}