CVE-2018-1311: Use After Free
First published: Wed Dec 18 2019(Updated: )
Apache Xerces-C could allow a remote attacker to execute arbitrary code on the system, caused by an use-after-free error during the scanning of external DTDs. By sending a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
Credit: security@apache.org security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Xerces-c\+\+ | >=3.0.0<=3.2.3 | |
| Redhat Enterprise Linux Desktop | =6.0 | |
| Redhat Enterprise Linux Desktop | =7.0 | |
| Redhat Enterprise Linux Eus | =7.7 | |
| Redhat Enterprise Linux Server | =6.0 | |
| Redhat Enterprise Linux Server | =7.0 | |
| Redhat Enterprise Linux Server Aus | =7.7 | |
| Redhat Enterprise Linux Server Tus | =7.7 | |
| Redhat Enterprise Linux Workstation | =6.0 | |
| Redhat Enterprise Linux Workstation | =7.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Oracle GoldenGate | <21.4.0.0.0 | |
| debian/xerces-c | <=3.1.4+debian-2+deb9u1<=3.2.2+debian-1<=3.1.4+debian-1 | |
| IBM ISAM | <=9.0.7 | |
| IBM Security Verify Access | <=10.0.0 | |
| redhat/xerces-c | <3.2.3 | 3.2.3 |
| ubuntu/xerces-c | <3.2.0+ | 3.2.0+ |
| ubuntu/xerces-c | <3.2.2+ | 3.2.2+ |
| ubuntu/xerces-c | <3.2.3+ | 3.2.3+ |
| ubuntu/xerces-c | <3.2.4+ | 3.2.4+ |
| ubuntu/xerces-c | <3.2.4+ | 3.2.4+ |
| ubuntu/xerces-c | <3.1.1-5.1+ | 3.1.1-5.1+ |
| ubuntu/xerces-c | <3.2.5<3.2.4+ | 3.2.5 3.2.4+ |
| ubuntu/xerces-c | <3.1.3+ | 3.1.3+ |
| debian/xerces-c | 3.2.2+debian-1+deb10u1 3.2.2+debian-1+deb10u2 3.2.3+debian-3+deb11u1 3.2.4+debian-1 3.2.4+debian-1.3 | |
| Apache Xerces-c\+\+ | >=3.0.0<3.2.5 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2020:0702
- https://access.redhat.com/errata/RHSA-2020:0704
- https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b@%3Cc-dev.xerces.apache.org%3E
- https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35@%3Cc-users.xerces.apache.org%3E
- https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646@%3Cc-users.xerces.apache.org%3E
- https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625@%3Cc-users.xerces.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/12/msg00025.html
- https://marc.info/?l=xerces-c-users&m=157653840106914&w=2
- https://www.debian.org/security/2020/dsa-4814
- https://www.oracle.com/security-alerts/cpujan2022.html
- https://issues.apache.org/jira/browse/XERCESC-2188
- https://security-tracker.debian.org/tracker/CVE-2018-1311
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1311
- https://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt
- http://cwe.mitre.org/data/definitions/416.html
- https://nvd.nist.gov/vuln/detail/CVE-2018-1311
- http://vault.centos.org/7.7.1908/updates/Source/SPackages/xerces-c-3.1.1-10.el7_7.src.rpm
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1311
- https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12352411&styleName=Text&projectId=10510
- https://github.com/apache/xerces-c/pull/54
- https://github.com/apache/xerces-c/commit/e0024267504188e42ace4dd9031d936786914835
- https://salsa.debian.org/lts-team/packages/xerces-c.git
- https://salsa.debian.org/bblough/xerces-c/-/merge_requests/3
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947431
- https://exchange.xforce.ibmcloud.com/vulnerabilities/173437
- https://www.ibm.com/support/pages/node/6348046 (Advisory)
- https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b%40%3Cc-dev.xerces.apache.org%3E
- https://lists.apache.org/thread.html/rabbcc0249de1dda70cda96fd9bcff78217be7a57d96e7dcc8cd96646%40%3Cc-users.xerces.apache.org%3E
- https://lists.apache.org/thread.html/rfeb8abe36bcca91eb603deef49fbbe46870918830a66328a780b8625%40%3Cc-users.xerces.apache.org%3E
- https://lists.apache.org/thread.html/r90ec105571622a7dc3a43b846c12732d2e563561dfb2f72941625f35%40%3Cc-users.xerces.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
- https://lists.debian.org/debian-lts-announce/2023/12/msg00027.html
- http://www.openwall.com/lists/oss-security/2024/02/16/1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1788474
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1788475
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1788473
- https://access.redhat.com/security/cve/cve-2018-1311
- https://bugzilla.redhat.com/show_bug.cgi?id=1788472
- https://marc.info/?l=xerces-c-users&m=157653840106914&w=2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A6WWL4SWKAVYK6VK5YN7KZP4MZWC7IY/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AJYZUBGPVWJ7LEHRCMB5XVADQBNGURXD/
- https://launchpad.net/bugs/cve/CVE-2018-1311
- http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt
- https://issues.apache.org/jira/projects/XERCESC/issues/XERCESC-2188
- https://github.com/apache/xerces-c/pull/47
- https://ubuntu.com/security/notices/USN-6579-1
- https://ubuntu.com/security/notices/USN-6579-2
- https://ubuntu.com/security/notices/USN-6590-1
- https://www.cve.org/CVERecord?id=CVE-2018-1311
- https://github.com/apache/xerces-c/commit/b38ab79e934b9c27de191ee7af6926c7af42069d
- https://ubuntu.com/security/CVE-2018-1311
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2018-1311?
CVE-2018-1311 is a vulnerability in the Apache Xerces-C XML parser that could allow a remote attacker to execute arbitrary code on the system.
How severe is CVE-2018-1311?
CVE-2018-1311 has a severity rating of 9.8 out of 10, which is classified as critical.
What is the root cause of CVE-2018-1311?
The root cause of CVE-2018-1311 is a use-after-free error triggered during the scanning of external Document Type Definitions (DTDs) in the Apache Xerces-C XML parser.
Is there a fix available for CVE-2018-1311?
At the time of writing, there is no fix available for CVE-2018-1311 in the maintained version of the Apache Xerces-C library. However, disabling DTD processing can mitigate the vulnerability.
How can I mitigate CVE-2018-1311?
To mitigate CVE-2018-1311, you can disable DTD processing in the Apache Xerces-C XML parser.
- collector/nvd-index
- collector/debian-bugs
- alias/CVE-2018-1311
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/description
- agent/weakness
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/launchpad-cve
- source/Launchpad
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/remedy
- agent/references
- collector/security-tracker-debian
- source/Debian
- collector/nvd-api
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- vendor/apache
- canonical/apache xerces-c\+\+
- version/apache xerces-c\+\+/3.0.0
- version/apache xerces-c\+\+/3.2.3
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- version/redhat enterprise linux desktop/7.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/7.7
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- version/redhat enterprise linux server/7.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/7.7
- canonical/redhat enterprise linux server tus
- version/redhat enterprise linux server tus/7.7
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0
- version/redhat enterprise linux workstation/7.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/oracle
- canonical/oracle goldengate
- package-manager/debian
- package-manager/redhat
- package-manager/ubuntu
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39
- vendor/ibm
- canonical/ibm isam
- version/ibm isam/9.0.7
- canonical/ibm security verify access
- version/ibm security verify access/10.0.0