CVE-2018-1311: Apache Xerces-C use-after-free vulnerability processing external DTD

Severity: High

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library (all known versions)

Description: The Xerces-C XML parser contains a use-after-free error
triggered during the scanning of external DTDs.

The bug allows for a denial of service attack in applications that allow
external DTD processing and do not prevent external DTD usage, and could
conceivably result in remote code execution if the heap were groomed.

Mitigation: This flaw has not been addressed in the maintained version
of the library and has no current mitigation other than to disable DTD
processing. This can be accomplished via the DOM using a standard parser
feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

Applications should strongly consider blocking remote entity resolution
and/or disabling DTD processing in light of the continued
identification of bugs in this area of the library.

Credit: This issue was reported by the UK's National Cyber Security
Centre (NCSC).

References:
http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt