CVE-2018-1311
HIGHApache Xerces-C++ 3.0.0-3.2.3 - Use-After-Free in External DTD Scanning
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-1311. PoCs published by johnjamesmccann.
AI-analyzed exploit summary The repository contains source code and documentation for Xerces-C++ 3.2.3, but no exploit PoC or vulnerability details for CVE-2018-1311 are present. The files listed are standard project files, not exploit code.
Description
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
Exploits (1)
The repository contains source code and documentation for Xerces-C++ 3.2.3, but no exploit PoC or vulnerability details for CVE-2018-1311 are present. The files listed are standard project files, not exploit code.
References (15)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H