PT-2019-5872 · Apache · Apache Xerces-C

Published: 2019-12-18 · Updated: 2025-11-04 · CVE-2018-1311

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Xerces-C versions 3.0.0 through 3.2.3

Description

The issue is a use-after-free error in the XML parser, triggered during the scanning of external DTDs. It allows a remote attacker to access confidential information or cause a denial of service. The flaw is associated with incorrect DTD scanning.

Recommendations

For Apache Xerces-C versions 3.0.0 through 3.2.3, disable DTD processing to mitigate the issue. This can be done via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Fix

Use After Free

Weakness Enumeration

Related identifiers

ALT-PU-2022-3447
ALT-PU-2024-8078
ALT-PU-2024-8410
ALT-PU-2025-3748
BDU:2021-03489
CESA-2020_0702
CESA-2020_0704
CVE-2018-1311
DLA-2498-1
DLA-3704-1
DSA-4814-1
MGASA-2020-0296
OESA-2024-1160
OESA-2024-1232
OESA-2024-1233
OESA-2024-1234
OESA-2024-1235
OESA-2024-1236
OPENSUSE-SU-2021:1231-1
OPENSUSE-SU-2021:2958-1
OPENSUSE-SU-2021_1231-1
OPENSUSE-SU-2021_2958-1
OPENSUSE-SU-2024:13540-1
RHSA-2020:0702
RHSA-2020:0704
RHSA-2020_0702
RHSA-2020_0704
SUSE-SU-2021:2920-1
SUSE-SU-2021:2944-1
SUSE-SU-2021:2958-1
SUSE-SU-2021_2920-1
SUSE-SU-2021_2944-1
SUSE-SU-2021_2958-1
SUSE-SU-2024:0299-1
SUSE-SU-2024:0300-1
SUSE-SU-2024:0320-1
SUSE-SU-2024_0299-1
SUSE-SU-2024_0300-1
SUSE-SU-2024_0320-1
USN-6579-1
USN-6579-2
USN-6590-1

Affected products

Alt Linux
Apache Xerces-C
CentOS
Linux Mint
Red Hat
SUSE
Ubuntu