CVE-2018-14404

Public on 2018-09-05
Modified on 2020-08-12
Description
A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression. Applications that use the libxml2 library to process untrusted XSL format inputs may be vulnerable to a denial of service attack due to a crash of the application.
Severity
Medium
CVSS v3 Base Score
6.5

Affected Packages

| Platform | Package | Release Date | Advisory |
|---|---|---|---|
| Amazon Linux 2 | libxml2 | 2020-07-21 16:34 | ALAS2-2020-1466 |
| Amazon Linux 1 | libxml2 | 2020-08-10 22:59 | ALAS-2020-1415 |
| Amazon Linux 1 | libxml2 | 2018-09-05 19:31 | ALAS-2018-1072 |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 6.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| NVD CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| NVD CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |