CVE-2017-12627

CWE-476NULL Pointer Dereference13 documents8 sources
Severity
9.8CRITICAL
EPSS
5.3%
top 9.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache Xerces C++Apache Xerces-c\+\+
Timeline
PublishedMar 1
Latest updateMay 13

Description

In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDapache/xerces-c\+\+< 3.2.1
Debianxerces-c< 3.2.1+debian-1+3

🔴Vulnerability Details

4
GHSA
GHSA-rh3v-mpfh-4wwj: In Apache Xerces-C XML Parser library before 32022-05-13
OSV
xerces-c vulnerabilities2021-03-15
CVEList
CVE-2017-12627: In Apache Xerces-C XML Parser library before 32018-03-01
OSV
CVE-2017-12627: In Apache Xerces-C XML Parser library before 32018-03-01

📋Vendor Advisories

3
Ubuntu
Xerces-C++ vulnerabilities2021-03-15
Red Hat
xerces-c: Null pointer dereference while processing the path to DTD allows denial of service2018-03-01
Debian
CVE-2017-12627: xerces-c - In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD p...2017

💬Community

5
Bugzilla
CVE-2017-12627 xerces-c: Null pointer dereference while processing the path to DTD allows denial of service [fedora-all]2018-03-05
Bugzilla
CVE-2017-12627 xerces-c: Null pointer dereference while processing the path to DTD allows denial of service [epel-6]2018-03-05
Bugzilla
CVE-2017-12627 xerces-c: Null pointer dereference while processing the path to DTD allows denial of service2018-03-05
Bugzilla
CVE-2017-12627 mingw-xerces-c: xerces-c: Null pointer dereference while processing the path to DTD allows denial of service [fedora-all]2018-03-05
Bugzilla
CVE-2017-12627 xerces-c27: xerces-c: Null pointer dereference while processing the path to DTD allows denial of service [fedora-all]2018-03-05
CVE-2017-12627 (CRITICAL CVSS 9.8) | In Apache Xerces-C XML Parser libra | cvebase.io