Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Apache Xerces C++ by Apache Software Foundation

    CVE-2024-23807 (GCVE-0-2024-23807)

    Vulnerability from nvd – Published: 2024-02-28 13:50 – Updated: 2026-01-22 04:55
    VLAI
    Title
    Apache Xerces C++: Use-after-free on external DTD scan
    Summary
    The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Xerces C++ Affected: 3.0.0 , < 3.2.5 (semver)
    Create a notification for this product.
    apache xerces-c Affected: 3.0.0 , < 3.2.5 (custom)
        cpe:2.3:a:apache:xerces-c:3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:xerces-c:3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xerces-c",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThan": "3.2.5",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23807",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T04:55:53.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:13:08.245Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/apache/xerces-c/pull/54"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Xerces C++",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "3.2.5",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\n\nUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\n\nThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\n\n"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-28T13:50:39.904Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/apache/xerces-c/pull/54"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
            }
          ],
          "source": {
            "defect": [
              "XERCESC-2188"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Apache Xerces C++: Use-after-free on external DTD scan",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2024-23807",
        "datePublished": "2024-02-28T13:50:39.904Z",
        "dateReserved": "2024-01-22T16:40:42.873Z",
        "dateUpdated": "2026-01-22T04:55:53.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-12627 (GCVE-0-2017-12627)

    Vulnerability from nvd – Published: 2018-03-01 14:00 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    Impacted products
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:56.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
              },
              {
                "name": "103219",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103219"
              },
              {
                "name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2018/q1/203"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Xerces C++",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-31T07:06:52.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
            },
            {
              "name": "103219",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103219"
            },
            {
              "name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2018/q1/203"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2017-12627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Xerces C++",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 3.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
                },
                {
                  "name": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt",
                  "refsource": "CONFIRM",
                  "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
                },
                {
                  "name": "103219",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103219"
                },
                {
                  "name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2018/q1/203"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-12627",
        "datePublished": "2018-03-01T14:00:00.000Z",
        "dateReserved": "2017-08-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:50.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-23807 (GCVE-0-2024-23807)

    Vulnerability from cvelistv5 – Published: 2024-02-28 13:50 – Updated: 2026-01-22 04:55
    VLAI
    Title
    Apache Xerces C++: Use-after-free on external DTD scan
    Summary
    The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Xerces C++ Affected: 3.0.0 , < 3.2.5 (semver)
    Create a notification for this product.
    apache xerces-c Affected: 3.0.0 , < 3.2.5 (custom)
        cpe:2.3:a:apache:xerces-c:3.0.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:xerces-c:3.0.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "xerces-c",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThan": "3.2.5",
                    "status": "affected",
                    "version": "3.0.0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-23807",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-21T00:00:00+00:00",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-416",
                    "description": "CWE-416 Use After Free",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-22T04:55:53.687Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:13:08.245Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "patch",
                  "x_transferred"
                ],
                "url": "https://github.com/apache/xerces-c/pull/54"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Xerces C++",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThan": "3.2.5",
                  "status": "affected",
                  "version": "3.0.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\u003cbr\u003e\u003c/div\u003e"
                }
              ],
              "value": "The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.\n\nUsers are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.\n\nThis issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.\n\n"
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-28T13:50:39.904Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/apache/xerces-c/pull/54"
            },
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r"
            }
          ],
          "source": {
            "defect": [
              "XERCESC-2188"
            ],
            "discovery": "UNKNOWN"
          },
          "title": "Apache Xerces C++: Use-after-free on external DTD scan",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2024-23807",
        "datePublished": "2024-02-28T13:50:39.904Z",
        "dateReserved": "2024-01-22T16:40:42.873Z",
        "dateUpdated": "2026-01-22T04:55:53.687Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2017-12627 (GCVE-0-2017-12627)

    Vulnerability from cvelistv5 – Published: 2018-03-01 14:00 – Updated: 2024-09-17 01:15
    VLAI
    Summary
    In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service
    Assigner
    References
    Impacted products
    Date Public
    2018-02-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:56.416Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
              },
              {
                "name": "103219",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103219"
              },
              {
                "name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://seclists.org/oss-sec/2018/q1/203"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Xerces C++",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.2.1"
                }
              ]
            }
          ],
          "datePublic": "2018-02-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-31T07:06:52.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
            },
            {
              "name": "103219",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103219"
            },
            {
              "name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://seclists.org/oss-sec/2018/q1/203"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2018-02-28T00:00:00",
              "ID": "CVE-2017-12627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Xerces C++",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c 3.2.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Denial of Service"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html"
                },
                {
                  "name": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt",
                  "refsource": "CONFIRM",
                  "url": "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt"
                },
                {
                  "name": "103219",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103219"
                },
                {
                  "name": "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions \u003c 3.2.1 [CVE-2017-12627]",
                  "refsource": "MLIST",
                  "url": "http://seclists.org/oss-sec/2018/q1/203"
                },
                {
                  "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
                  "refsource": "CONFIRM",
                  "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-12627",
        "datePublished": "2018-03-01T14:00:00.000Z",
        "dateReserved": "2017-08-07T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:15:50.981Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }