CVE-2018-14404

Published: 19/07/2018 Updated: 10/09/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 up to and including 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

Vulnerable Product

canonical ubuntu linux 12.04

debian debian linux -

canonical ubuntu linux 18.04

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

xmlsoft libxml2

Vendor Advisories

Debian Bug report logs - #901817 libxml2: CVE-2018-14404: NULL pointer deref in xpath.c:xmlXPathCompOpEval(). Package: libxml2; Maintainer for libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Source for libxml2 is src:libxml2. Reported by: Guy Inbar <guyinbara@gmail.com> ...
Several security issues were fixed in libxml2 ...
Synopsis: Important: Container-native Virtualization security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Red Hat OpenShift Virtualization release 2.4.0 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Securi ...
Synopsis: Moderate: libxml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 Service Pack 2 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has ...
Synopsis: Moderate: libxml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Moderate: OpenShift Container Platform 4.6.1 image security update. Type/Severity: Security Advisory: Moderate. Topic: An update is now available for Red Hat OpenShift Container Platform 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability S ...
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application (CVE-2018-14404) ...

Github Repositories

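Debian CVE Tracker: The Debian CVE Tracker records many security vulnerabilities. Debian fixes some of them in the current release, but not others. Because deepin stays on its current release for a long time, these vulnerabilities need to be fixed. That means tracking the status of CVE bugs and adding patches ourselves, so a program, deepin-cve-tracker, was written to manage this. This article introduces deepin-cve-tracker's ...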

Slaw is a lightweight library for rendering and generating Akoma Ntoso acts from plain text and PDF documents.

Slaw: Slaw is a lightweight library for generating Akoma Ntoso 3.0 Act XML from plain text documents. It is used to power Indigo and uses grammars developed for the legal tradition in South Africa, although other traditions are supported. Slaw allows you to: parse plain text and transform it into an Akoma Ntoso Act XML document; unparse Akoma Ntoso XML into a plain-text forma
