CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*

History

16 Feb 2024, 17:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/02/16/1 -

31 Dec 2023, 14:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html -

31 Dec 2023, 04:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/ -

31 Dec 2023, 03:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/ -

07 Nov 2023, 02:55

Type Values Removed Values Added
References
  • {'url': 'https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b@%3Cc-dev.xerces.apache.org%3E', 'name': '[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.', 'tags': ['Mitigation', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E', 'name': '[xerces-c-users] 20210528 Re: Security vulnerability - CVE-2018-1311', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E', 'name': '[xerces-c-users] 20210528 RE: Security vulnerability - CVE-2018-1311', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • {'url': 'https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E', 'name': '[xerces-c-users] 20210528 Security vulnerability - CVE-2018-1311', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • () https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E -
  • () https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E -
  • () https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E -
  • () https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E -

05 Feb 2023, 21:10

Type Values Removed Values Added
First Time Apache xerces-c\+\+
CPE cpe:2.3:a:apache:xerces-c:*:*:*:*:*:*:*:* cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*

05 Apr 2022, 20:34

Type Values Removed Values Added
First Time Oracle goldengate
Debian debian Linux
Redhat enterprise Linux Desktop
Redhat enterprise Linux Server
Oracle
Debian
Redhat enterprise Linux Server Tus
Redhat enterprise Linux Eus
Redhat enterprise Linux Workstation
Redhat enterprise Linux Server Aus
Redhat
CPE cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
References (DEBIAN) https://www.debian.org/security/2020/dsa-4814 - (DEBIAN) https://www.debian.org/security/2020/dsa-4814 - Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0702 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0702 - Third Party Advisory
References (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E - Mailing List, Third Party Advisory
References (REDHAT) https://access.redhat.com/errata/RHSA-2020:0704 - (REDHAT) https://access.redhat.com/errata/RHSA-2020:0704 - Third Party Advisory
References (MLIST) https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html - (MLIST) https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E - Mailing List, Third Party Advisory
References (MLIST) https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E - (MLIST) https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E - Mailing List, Third Party Advisory

07 Feb 2022, 16:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpujan2022.html -

28 May 2021, 12:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E -
  • (MLIST) https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E -

28 May 2021, 11:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E -

Information

Published : 2019-12-18 20:15

Updated : 2024-02-16 17:15


NVD link : CVE-2018-1311

Mitre link : CVE-2018-1311

CVE.ORG link : CVE-2018-1311


JSON object : View

Products Affected

debian

  • debian_linux

redhat

  • enterprise_linux_server_aus
  • enterprise_linux_server_tus
  • enterprise_linux_server
  • enterprise_linux_workstation
  • enterprise_linux_desktop
  • enterprise_linux_eus

oracle

  • goldengate

apache

  • xerces-c\+\+
CWE
CWE-416

Use After Free