The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Apache Xerces-C: use after free via External DTD

Synthesis of the vulnerability 

An attacker can force the use of a freed memory area (use after free) via the External DTD handling of Apache Xerces-C, in order to trigger a denial of service, and possibly to run code.
Impacted systems: Xerces-C++, RHEL.
Severity of this alert: 3/4.
Creation date: 17/12/2019.
References of this alert: CVE-2018-1311, RHSA-2020:0702-01, RHSA-2020:0704-01, VIGILANCE-VUL-31169.

Description of the vulnerability 

An attacker can force the use of a freed memory area (use after free) via the External DTD handling of Apache Xerces-C, in order to trigger a denial of service, and possibly to run code.

This vulnerability note impacts software or systems such as Xerces-C++ and RHEL.

Our Vigil@nce team determined that the severity of this cybersecurity vulnerability is important.

The trust level is: confirmed by the editor, with an origin of: document.

An attacker with an expert ability can exploit this computer threat note.

Solutions for this threat 

Apache Xerces-C: workaround for External DTD.
A workaround is indicated in the information source.

RHEL 6.10: new xerces-c packages.
New packages are available:
  RHEL 6.10: xerces-c 3.0.1-21.el6_10

RHEL 7.7: new xerces-c packages.
New packages are available:
  RHEL 7.7: xerces-c 3.1.1-10.el7_7
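To check whether an installed RHEL xerces-c package is at or above the fixed builds listed above, here is an added example (not part of the bulletin and not a Vigil@nce or Red Hat tool) in Python that implements a simplified rpm version ordering; the package name and fixed versions come from the bulletin, while the `rpm -q` query format and the lookup by dist tag are assumptions.

```python
import re
import subprocess

# Fixed xerces-c builds from the bulletin, keyed by RHEL dist tag.
FIXED_BUILDS = {
    "el6_10": ("3.0.1", "21.el6_10"),
    "el7_7": ("3.1.1", "10.el7_7"),
}

def rpmvercmp(a, b):
    """Simplified rpm version ordering: split into digit/alpha runs, compare
    numerically when both runs are digits and lexically otherwise; a digit
    run sorts after an alpha run. Returns -1, 0 or 1 like rpm's rpmvercmp."""
    sa, sb = re.findall(r"[0-9]+|[A-Za-z]+", a), re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvr(nvr):
    """Split 'name-version-release' on the last two hyphens."""
    name, version, release = nvr.strip().rsplit("-", 2)
    return name, version, release

def is_fixed(nvr):
    """True if the installed build is at or above the fixed build for its
    dist tag, False if it is older, None if the dist tag is not in the bulletin."""
    name, version, release = parse_nvr(nvr)
    if name != "xerces-c":
        raise ValueError(f"not a xerces-c package: {nvr}")
    m = re.search(r"el\d+(?:_\d+)?", release)  # e.g. "21.el6_10" -> "el6_10"
    fixed = FIXED_BUILDS.get(m.group(0)) if m else None
    if fixed is None:
        return None
    for installed, wanted in zip((version, release), fixed):
        c = rpmvercmp(installed, wanted)
        if c:
            return c > 0
    return True  # identical to the fixed build

if __name__ == "__main__":
    # Assumed query: ask rpm for installed builds in name-version-release form.
    out = subprocess.run(["rpm", "-q", "xerces-c", "--qf", "%{NAME}-%{VERSION}-%{RELEASE}\n"],
                         capture_output=True, text=True)
    if out.returncode != 0:
        print("xerces-c is not installed or rpm is unavailable")
    for line in out.stdout.splitlines():
        print(line, {True: "fixed", False: "VULNERABLE", None: "unknown dist tag"}[is_fixed(line)])
```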

Computer vulnerabilities tracking service 

Vigil@nce provides a system vulnerability note. The Vigil@nce vulnerability database contains several thousand vulnerabilities.