Home > Vulnerability Database > CVE-2018-1311

Mend.io Vulnerability Database

CVE-2018-1311

Date: December 18, 2019

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Language: C

Severity Score

8.1

Related Resources (19)

Url: https://access.redhat.com/security/cve/CVE-2018-1311

Url: https://security-tracker.debian.org/tracker/CVE-2018-1311

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2018-1311

Url: https://access.redhat.com/errata/RHSA-2020:0702

Url: https://access.redhat.com/errata/RHSA-2020:0704

Url: https://marc.info/?l=xerces-c-users&m=157653840106914&w=2

Url: https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html

Url: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/

Url: https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html

Url: https://www.oracle.com/security-alerts/cpujan2022.html

Url: https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E

Url: https://www.debian.org/security/2020/dsa-4814

Url: https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E

Url: https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E

Url: http://www.openwall.com/lists/oss-security/2024/02/16/1

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-1311

Url: https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E

Url: https://www.mend.io/vulnerability-database/CVE-2018-1311

Severity Score

8.1

Weakness Type (CWE)

Use After Free

CWE-416

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-1311

Date: December 18, 2019

Language: C

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?