CVE-2018-1311

CVE	CVE-2018-1311
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-12-18 20:15:00 UTC
Updated	2023-12-31 14:15:00 UTC
Description	The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Problem Types: CWE-416

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Xerces-c	All	All	All	All
Application	Apache	Xerces-c	All	All	All	All
Application	Apache	Xerces-c	All	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Oracle	Goldengate	All	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Eus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Server	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server	7.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Server Tus	7.7	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	7.0	All	All	All

Reference	Source	Link	Tags
Pony Mail!	MLIST	lists.apache.org	Mitigation, Third Party Advisory
Debian -- Security Information -- DSA-4814-1 xerces-c	DEBIAN	www.debian.org
Pony Mail!		lists.apache.org
Red Hat Customer Portal	REDHAT	access.redhat.com
FEDORA-2023-817ecc703f		lists.fedoraproject.org
Pony Mail!		lists.apache.org
FEDORA-2023-52ba628e03		lists.fedoraproject.org
Pony Mail!	MLIST	lists.apache.org
[SECURITY] [DLA 2498-1] xerces-c security update	MLIST	lists.debian.org
Oracle Critical Patch Update Advisory - January 2022	MISC	www.oracle.com
'Xerces-C Security Advisory [CVE-2018-1311]' - MARC	CONFIRM	marc.info	Mailing List, Third Party Advisory
[debian-lts-announce] 20231231 [SECURITY] [DLA 3704-1] xerces-c security update		lists.debian.org
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Red Hat Customer Portal	REDHAT	access.redhat.com
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

200042 Ubuntu Security Notification for Xerces-C++ Vulnerability (USN-6579-1)
200052 Ubuntu Security Notification for Xerces-C++ Vulnerability (USN-6579-2)
200056 Ubuntu Security Notification for Xerces-C++ Vulnerabilities (USN-6590-1)
284841 Fedora Security Update for xerces (FEDORA-2023-52ba628e03)
285073 Fedora Security Update for xerces (FEDORA-2023-817ecc703f)
375422 IBM Integration Bus and IBM App Connect Enterprise Apache Xerces denial of service Vulnerability(6406232)
377016 Alibaba Cloud Linux Security Update for xerces-c (ALINUX2-SA-2020:0027)
506277 Alpine Linux Security Update for xerces-c
6000416 Debian Security Update for xerces-c (DLA 3704-1)
670213 EulerOS Security Update for xerces-c (EulerOS-SA-2021-1862)
751082 SUSE Enterprise Linux Security Update for xerces-c (SUSE-SU-2021:2920-1)
751088 SUSE Enterprise Linux Security Update for xerces-c (SUSE-SU-2021:2944-1)
751104 OpenSUSE Security Update for xerces-c (openSUSE-SU-2021:1231-1)
751105 OpenSUSE Security Update for xerces-c (openSUSE-SU-2021:2958-1)
755688 SUSE Enterprise Linux Security Update for xerces-c (SUSE-SU-2024:0300-1)
755689 SUSE Enterprise Linux Security Update for xerces-c (SUSE-SU-2024:0299-1)
755696 SUSE Enterprise Linux Security Update for xerces-c (SUSE-SU-2024:0320-1)
900790 Common Base Linux Mariner (CBL-Mariner) Security Update for xerces-c (9201)
901349 Common Base Linux Mariner (CBL-Mariner) Security Update for xerces-c (9201-1)