CVE-2018-1311

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1311

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1311.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1311

Downstream

DEBIAN-CVE-2018-1311

DLA-2498-1

DSA-4814-1

OESA-2024-1160

OESA-2024-1232

OESA-2024-1233

OESA-2024-1234

OESA-2024-1235

OESA-2024-1236

RHSA-2020:0702

RHSA-2020:0704

SUSE-SU-2021:2920-1

SUSE-SU-2021:2944-1

SUSE-SU-2021:2958-1

SUSE-SU-2024:0299-1

SUSE-SU-2024:0300-1

SUSE-SU-2024:0320-1

UBUNTU-CVE-2018-1311

USN-6579-1

USN-6579-2

USN-6590-1

openSUSE-SU-2021:1231-1

openSUSE-SU-2021:2958-1

openSUSE-SU-2024:13540-1

Related

Published

2019-12-18T20:15:15Z

Modified

2025-08-09T20:01:25Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCESDISABLEDTD environment variable.

References

Affected packages