CVE-2018-14404

Name
CVE-2018-14404
Description
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
NVD Severity
medium

References

Type | URI
Vendor Advisory | https://gitlab.gnome.org/GNOME/libxml2/issues/10
Issue Tracking | https://bugzilla.redhat.com/show_bug.cgi?id=1595985
Mailing List | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901817
Third Party Advisory | https://usn.ubuntu.com/3739-2/
Third Party Advisory | https://usn.ubuntu.com/3739-1/
MLIST | https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
REDHAT | https://access.redhat.com/errata/RHSA-2019:1543
CONFIRM | https://security.netapp.com/advisory/ntap-20190719-0002/
MLIST | https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* | ubuntu_linux | == None | == 12.04
cpe:2.3:o:debian:debian_linux:-:*:*:*:*:*:*:* | debian_linux | == None | == -
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* | ubuntu_linux | == None | == 18.04
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* | ubuntu_linux | == None | == 16.04
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* | ubuntu_linux | == None | == 14.04

Vulnerable and fixed packages

Source package Branch Version Maintainer Status