CVE-2017-12627

Published: 01/03/2018 Updated: 31/07/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Apache Xerces-C XML Parser library prior to 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.

Vulnerable Product

apache xerces-c++

Vendor Advisories

Debian Bug report logs - #894050 xerces-c: CVE-2017-12627: Null pointer dereference while processing the path to DTD allows denial of service Package: src:xerces-c; Maintainer for src:xerces-c is William Blough <bblough@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 25 Mar 2018 20:03:01 ...
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions ...
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could conceivably result in remote code execution ...