CVE-2018-14404
Severity
6.5MEDIUM
EPSS
20.0%
top 4.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 19
Latest updateJan 17
Description
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6
Affected Packages3 packages
Also affects: Ubuntu Linux 12.04, 14.04, 16.04, 18.04
🔴Vulnerability Details
5📋Vendor Advisories
4💬Community
4Bugzilla▶
CVE-2018-14404 libxml2: NULL pointer dereference in xmlXPathCompOpEval() function in xpath.c↗2018-06-28
Bugzilla▶
CVE-2018-14404 mingw-libxml2: libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service [epel-7]↗2018-06-28
Bugzilla▶
CVE-2018-14404 libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service [fedora-all]↗2018-06-28
Bugzilla▶
CVE-2018-14404 mingw-libxml2: libxml2: NULL pointer dereference in xpath.c:xmlXPathCompOpEval() can allow attackers to cause a denial of service [fedora-all]↗2018-06-28