1. CVE-Search
  2. CVE-2017-12627
ID CVE-2017-12627
Summary In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:xerces-c\+\+:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:xerces-c\+\+:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:xerces-c\+\+:3.2.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 31-07-2021 - 08:15)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 103219
confirm http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
mlist
  • [debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update
  • [oss-security] 20180301 Apache Xerces-C Security Advisory for versions < 3.2.1 [CVE-2017-12627]
Last major update 31-07-2021 - 08:15
Published 01-03-2018 - 14:29
Last modified 31-07-2021 - 08:15
Back to Top