CVE-2018-1311

Description

The Apache Xerces-C XML parser, versions 3.0.0 through 3.2.3, contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than disabling DTD processing. This can be done via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Risk Information

Base Score: 8.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 4.171

Associated Vulnerability

Vulnerability | Package | OS Platform
(RHSA-2020:0702) xerces-c security update | xerces-c-3.0.1-21.el6_10.i686.rpm | Linux
(RHSA-2020:0702) xerces-c security update | xerces-c-3.0.1-21.el6_10.x86_64.rpm | Linux
(RHSA-2020:0702) xerces-c security update | xerces-c-devel-3.0.1-21.el6_10.i686.rpm | Linux
(RHSA-2020:0702) xerces-c security update | xerces-c-devel-3.0.1-21.el6_10.x86_64.rpm | Linux
(RHSA-2020:0702) xerces-c security update | xerces-c-doc-3.0.1-21.el6_10.noarch.rpm | Linux
(RHSA-2020:0704) xerces-c security update | xerces-c-3.1.1-10.el7_7.i686.rpm | Linux
(RHSA-2020:0704) xerces-c security update | xerces-c-3.1.1-10.el7_7.x86_64.rpm | Linux
(RHSA-2020:0704) xerces-c security update | xerces-c-devel-3.1.1-10.el7_7.i686.rpm | Linux
(RHSA-2020:0704) xerces-c security update | xerces-c-devel-3.1.1-10.el7_7.x86_64.rpm | Linux
(RHSA-2020:0704) xerces-c security update | xerces-c-doc-3.1.1-10.el7_7.noarch.rpm | Linux
Xerces-c update (ELSA-2020-0702) | xerces-c-3.0.1-21.el6_10.x86_64.rpm | Linux
Xerces-c-devel update (ELSA-2020-0702) | xerces-c-devel-3.0.1-21.el6_10.x86_64.rpm | Linux
Xerces-c-doc update (ELSA-2020-0702) | xerces-c-doc-3.0.1-21.el6_10.noarch.rpm | Linux
Xerces-c update (ELSA-2020-0702) | xerces-c-3.0.1-21.el6_10.i686.rpm | Linux
Xerces-c-devel update (ELSA-2020-0702) | xerces-c-devel-3.0.1-21.el6_10.i686.rpm | Linux
(CESA-2020:0702) xerces-c security update | xerces-c-3.0.1-21.el6_10.i686.rpm | Linux
(CESA-2020:0702) xerces-c security update | xerces-c-3.0.1-21.el6_10.x86_64.rpm | Linux
(CESA-2020:0702) xerces-c security update | xerces-c-devel-3.0.1-21.el6_10.i686.rpm | Linux
(CESA-2020:0702) xerces-c security update | xerces-c-devel-3.0.1-21.el6_10.x86_64.rpm | Linux
(CESA-2020:0702) xerces-c security update | xerces-c-doc-3.0.1-21.el6_10.noarch.rpm | Linux
(CESA-2020:0704) xerces-c security update | xerces-c-3.1.1-10.el7_7.i686.rpm | Linux
(CESA-2020:0704) xerces-c security update | xerces-c-3.1.1-10.el7_7.x86_64.rpm | Linux
(CESA-2020:0704) xerces-c security update | xerces-c-devel-3.1.1-10.el7_7.i686.rpm | Linux
(CESA-2020:0704) xerces-c security update | xerces-c-devel-3.1.1-10.el7_7.x86_64.rpm | Linux
(CESA-2020:0704) xerces-c security update | xerces-c-doc-3.1.1-10.el7_7.noarch.rpm | Linux
SUSE-SU-2021:2944-1 (SUSE Linux Enterprise Server 12-SP5) | libxerces-c-3_1-3.1.1-13.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2944-1 (SUSE Linux Enterprise Server 12-SP5) | libxerces-c-3_1-32bit-3.1.1-13.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2944-1 (SUSE Linux Enterprise Server 12-SP5) | libxerces-c-3_1-debuginfo-3.1.1-13.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2944-1 (SUSE Linux Enterprise Server 12-SP5) | libxerces-c-3_1-debuginfo-32bit-3.1.1-13.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2944-1 (SUSE Linux Enterprise Server 12-SP5) | xerces-c-debuginfo-3.1.1-13.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2944-1 (SUSE Linux Enterprise Server 12-SP5) | xerces-c-debugsource-3.1.1-13.6.1.x86_64.rpm | Linux
Validating XML parser written in a portable subset of C++ (USN-6579-2) | libxerces-c3.2_3.2.4+debian-1ubuntu0.23.04.1_amd64.deb | Linux
Validating XML parser written in a portable subset of C++ (USN-6579-2) | libxerces-c3.2_3.2.4+debian-1ubuntu0.23.10.1_amd64.deb | Linux
Validating XML parser written in a portable subset of C++ (USN-6579-2) | libxerces-c-samples_3.2.4+debian-1ubuntu0.23.04.1_amd64.deb | Linux
Validating XML parser written in a portable subset of C++ (USN-6579-2) | libxerces-c-samples_3.2.4+debian-1ubuntu0.23.10.1_amd64.deb | Linux
Validating XML parser written in a portable subset of C++ (USN-6590-1) | libxerces-c3.2_3.2.2+debian-1ubuntu0.2_amd64.deb | Linux
Validating XML parser written in a portable subset of C++ (USN-6590-1) | libxerces-c3.2_3.2.3+debian-3ubuntu0.1_amd64.deb | Linux
Validating XML parser written in a portable subset of C++ (USN-6590-1) | libxerces-c-samples_3.2.2+debian-1ubuntu0.2_amd64.deb | Linux
Validating XML parser written in a portable subset of C++ (USN-6590-1) | libxerces-c-samples_3.2.3+debian-3ubuntu0.1_amd64.deb | Linux
SUSE-SU-2024:0299-1 (SUSE Linux Enterprise Server 12 SP5) | libxerces-c-3_1-3.1.1-13.12.1.x86_64.rpm | Linux
SUSE-SU-2024:0299-1 (SUSE Linux Enterprise Server 12 SP5) | libxerces-c-3_1-32bit-3.1.1-13.12.1.x86_64.rpm | Linux
SUSE-SU-2024:0299-1 (SUSE Linux Enterprise Server 12 SP5) | libxerces-c-3_1-debuginfo-3.1.1-13.12.1.x86_64.rpm | Linux
SUSE-SU-2024:0299-1 (SUSE Linux Enterprise Server 12 SP5) | libxerces-c-3_1-debuginfo-32bit-3.1.1-13.12.1.x86_64.rpm | Linux
SUSE-SU-2024:0299-1 (SUSE Linux Enterprise Server 12 SP5) | xerces-c-debuginfo-3.1.1-13.12.1.x86_64.rpm | Linux
SUSE-SU-2024:0299-1 (SUSE Linux Enterprise Server 12 SP5) | xerces-c-debugsource-3.1.1-13.12.1.x86_64.rpm | Linux
SUSE-SU-2024:0320-1 (Basesystem Module 15-SP5) | libxerces-c-3_2-3.2.3-150300.3.6.1.x86_64.rpm | Linux
SUSE-SU-2024:0320-1 (Basesystem Module 15-SP5) | libxerces-c-devel-3.2.3-150300.3.6.1.x86_64.rpm | Linux
SUSE-SU-2024:0320-1 (Basesystem Module 15-SP5) | xerces-c-debuginfo-3.2.3-150300.3.6.1.x86_64.rpm | Linux
SUSE-SU-2024:0320-1 (Basesystem Module 15-SP5) | xerces-c-debugsource-3.2.3-150300.3.6.1.x86_64.rpm | Linux
SUSE-SU-2024:0320-1 (Basesystem Module 15-SP5) | libxerces-c-3_2-debuginfo-3.2.3-150300.3.6.1.x86_64.rpm | Linux
(RHSA-2020:0704) Important: security update | xerces-c-debuginfo-3.1.1-10.el7_7.i686.rpm | Linux
(RHSA-2020:0704) Important: security update | xerces-c-debuginfo-3.1.1-10.el7_7.x86_64.rpm | Linux

Patch Details

No records found
