Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1311

Опубликовано: 18 дек. 2019
Источник: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS Низкий

Описание

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:xerces-c\+\+:*:*:*:*:*:*:*:*
Версия от 3.0.0 (включая) до 3.2.5 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*
Версия до 21.4.0.0.0 (исключая)
Конфигурация 5

Одно из

cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

EPSS

Процентиль: 88%
0.04171
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2018-1311

CVSS3: 8.1
ubuntu
больше 5 лет назад

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

redhat логотип

CVE-2018-1311

CVSS3: 8.1
redhat
больше 5 лет назад

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

msrc логотип

CVE-2018-1311

CVSS3: 8.1
msrc
больше 3 лет назад

Описание отсутствует

debian логотип

CVE-2018-1311

CVSS3: 8.1
debian
больше 5 лет назад

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-fre ...

suse-cvrf логотип

openSUSE-SU-2021:2958-1

suse-cvrf
почти 4 года назад

Security update for xerces-c

EPSS

Процентиль: 88%
0.04171
Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416