Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1311

Опубликовано: 18 дек. 2019
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*
Версия от 3.0.0 (включая) до 3.2.5 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
Версия до 21.4.0.0.0 (исключая)
Конфигурация 5

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.04171
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2018-1311

CVSS3: 8.1
ubuntu
около 6 лет назад

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

redhat логотип

CVE-2018-1311

CVSS3: 8.1
redhat
около 6 лет назад

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

msrc логотип

CVE-2018-1311

CVSS3: 8.1
msrc
почти 4 года назад

Описание отсутствует

debian логотип

CVE-2018-1311

CVSS3: 8.1
debian
около 6 лет назад

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...

suse-cvrf логотип

openSUSE-SU-2021:2958-1

suse-cvrf
больше 4 лет назад

Security update for xerces-c

EPSS

Процентиль: 88%
0.04171
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416