CVE-2017-12627

Sažetak

In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.

Reference

http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
http://seclists.org/oss-sec/2018/q1/203
http://www.securityfocus.com/bid/103219
https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

31-07-2021 - 08:15

Objavljeno

01-03-2018 - 14:29