The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
16 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Dec 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Dec 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Dec 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 02:55
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
05 Feb 2023, 21:10
Type | Values Removed | Values Added |
---|---|---|
First Time |
Apache xerces-c\+\+
|
|
CPE | cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:* |
05 Apr 2022, 20:34
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle goldengate
Debian debian Linux Redhat enterprise Linux Desktop Redhat enterprise Linux Server Oracle Debian Redhat enterprise Linux Server Tus Redhat enterprise Linux Eus Redhat enterprise Linux Workstation Redhat enterprise Linux Server Aus Redhat |
|
CPE | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* |
|
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4814 - Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0702 - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E - Mailing List, Third Party Advisory | |
References | (REDHAT) https://access.redhat.com/errata/RHSA-2020:0704 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E - Mailing List, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 May 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 May 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-12-18 20:15
Updated : 2024-02-16 17:15
NVD link : CVE-2018-1311
Mitre link : CVE-2018-1311
CVE.ORG link : CVE-2018-1311
JSON object : View
Products Affected
debian
- debian_linux
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_server
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_eus
oracle
- goldengate
apache
- xerces-c\+\+
CWE
CWE-416
Use After Free