CVE-2018-1311

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
apachexerces-c\+\+
3.0.0 ≤
𝑥
< 3.2.5
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
7.7
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.7
redhatenterprise_linux_server_tus
7.7
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
9.0
debiandebian_linux
10.0
oraclegoldengate
𝑥
< 21.4.0.0.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xerces-c
bookworm
3.2.4+debian-1
fixed
bullseye
3.2.3+debian-3+deb11u1
fixed
jessie
postponed
sid
3.2.4+debian-1.3
fixed
trixie
3.2.4+debian-1.3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xerces-c
bionic
Fixed 3.2.0+debian-2ubuntu0.1~esm2
released
disco
ignored
eoan
ignored
focal
Fixed 3.2.2+debian-1ubuntu0.1
released
groovy
ignored
hirsute
ignored
impish
ignored
jammy
Fixed 3.2.3+debian-3ubuntu0.1
released
kinetic
ignored
lunar
Fixed 3.2.4+debian-1ubuntu0.23.04.1
released
mantic
Fixed 3.2.4+debian-1ubuntu0.23.10.1
released
trusty
Fixed 3.1.1-5.1+deb8u4ubuntu0.1~esm1
released
xenial
Fixed 3.1.3+debian-1ubuntu0.1~esm2
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libxerces-c-3_1
suse enterprise desktop 15 SP2
3.1.4-10.3.1
fixed
suse enterprise sap 12 SP5
3.1.1-13.12.1
fixed
suse enterprise sap 15
3.1.4-3.6.1
fixed
suse enterprise sap 15 SP1
3.1.4-3.6.1
fixed
suse enterprise sap 15 SP2
3.1.4-10.3.1
fixed
suse enterprise server 12 SP3
3.1.1-13.12.1
fixed
suse enterprise server 12 SP5
3.1.1-13.12.1
fixed
suse enterprise server 15
3.1.4-3.6.1
fixed
suse enterprise server 15 SP1
3.1.4-3.6.1
fixed
suse enterprise server 15 SP2
3.1.4-150200.10.11.1
fixed
suse enterprise server 15 SP3
3.1.4-150200.10.11.1
fixed
libxerces-c-3_1-32bit
suse enterprise sap 12 SP5
3.1.1-13.12.1
fixed
suse enterprise server 12 SP3
3.1.1-13.12.1
fixed
suse enterprise server 12 SP5
3.1.1-13.12.1
fixed
suse enterprise server 15 SP3
3.1.4-150200.10.11.1
fixed
libxerces-c-3_2
suse enterprise desktop 15 SP5
3.2.3-150300.3.6.1
fixed
suse enterprise desktop 15 SP6
3.2.3-150300.3.6.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150300.3.6.1
fixed
suse enterprise sap 15 SP5
3.2.3-150300.3.6.1
fixed
suse enterprise sap 15 SP6
3.2.3-150300.3.6.1
fixed
suse enterprise sap 15 SP7
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP3
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP4
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP5
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP6
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP7
3.2.3-150300.3.6.1
fixed
libxerces-c-devel
suse enterprise desktop 15 SP2
3.1.4-10.3.1
fixed
suse enterprise desktop 15 SP5
3.2.3-150300.3.6.1
fixed
suse enterprise desktop 15 SP6
3.2.3-150300.3.6.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150300.3.6.1
fixed
suse enterprise sap 15
3.1.4-3.6.1
fixed
suse enterprise sap 15 SP1
3.1.4-3.6.1
fixed
suse enterprise sap 15 SP2
3.1.4-10.3.1
fixed
suse enterprise sap 15 SP5
3.2.3-150300.3.6.1
fixed
suse enterprise sap 15 SP6
3.2.3-150300.3.6.1
fixed
suse enterprise sap 15 SP7
3.2.3-150300.3.6.1
fixed
suse enterprise server 15
3.1.4-3.6.1
fixed
suse enterprise server 15 SP1
3.1.4-3.6.1
fixed
suse enterprise server 15 SP2
3.1.4-150200.10.11.1
fixed
suse enterprise server 15 SP3
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP4
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP5
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP6
3.2.3-150300.3.6.1
fixed
suse enterprise server 15 SP7
3.2.3-150300.3.6.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
xerces-c
RHEL 6
0:3.0.1-21.el6_10
fixed
RHEL 7
0:3.1.1-10.el7_7
fixed
xerces-c-devel
RHEL 6
0:3.0.1-21.el6_10
fixed
RHEL 7
0:3.1.1-10.el7_7
fixed
xerces-c-doc
RHEL 6
0:3.0.1-21.el6_10
fixed
RHEL 7
0:3.1.1-10.el7_7
fixed
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/02/16/1
https://access.redhat.com/errata/RHSA-2020:0702
https://access.redhat.com/errata/RHSA-2020:0704
https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E
https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
https://marc.info/?l=xerces-c-users&m=157653840106914&w=2
https://www.debian.org/security/2020/dsa-4814
https://www.oracle.com/security-alerts/cpujan2022.html
http://www.openwall.com/lists/oss-security/2024/02/16/1
https://access.redhat.com/errata/RHSA-2020:0702
https://access.redhat.com/errata/RHSA-2020:0704
https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E
https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E
https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html
https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
https://marc.info/?l=xerces-c-users&m=157653840106914&w=2
https://www.debian.org/security/2020/dsa-4814
https://www.oracle.com/security-alerts/cpujan2022.html