PT-2019-5872 · Apache · Apache Xerces-C

Published: 2019-12-18 · Updated: 2025-11-04 · CVE-2018-1311

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Xerces-C versions 3.0.0 through 3.2.3

Description: The issue is a use-after-free error in the XML parser, triggered while scanning external DTDs. A remote attacker can exploit it to access confidential information or cause a denial of service. The flaw stems from incorrect DTD scanning.

Recommendations: For Apache Xerces-C versions 3.0.0 through 3.2.3, disable DTD processing to mitigate the issue. This can be done via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Weakness Enumeration: Use After Free

Related Identifiers

ALT-PU-2022-3447
ALT-PU-2024-8078
ALT-PU-2024-8410
ALT-PU-2025-3748
BDU:2021-03489
CESA-2020_0702
CESA-2020_0704
CVE-2018-1311
DLA-2498-1
DLA-3704-1
DSA-4814-1
MGASA-2020-0296
OESA-2024-1160
OESA-2024-1232
OESA-2024-1233
OESA-2024-1234
OESA-2024-1235
OESA-2024-1236
OPENSUSE-SU-2021:1231-1
OPENSUSE-SU-2021:2958-1
OPENSUSE-SU-2024:13540-1
RHSA-2020:0702
RHSA-2020:0704
SUSE-SU-2021:2920-1
SUSE-SU-2021:2944-1
SUSE-SU-2021:2958-1
SUSE-SU-2024:0299-1
SUSE-SU-2024:0300-1
SUSE-SU-2024:0320-1
USN-6579-1
USN-6579-2
USN-6590-1

Affected Products

Alt Linux
Apache Xerces-C
CentOS
Linux Mint
Red Hat
SUSE
Ubuntu