[ https://issues.apache.org/jira/browse/XERCESC-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17738217#comment-17738217 ]
Benjamin Fritz edited comment on XERCESC-2188 at 6/30/23 10:35 PM: ------------------------------------------------------------------- FYI [~ilatypov] updates to CVEs in NVD can be requested here: https://cveform.mitre.org/ (sometimes they respond with a different place to report instead, I will try to remember to update if this is the case for this one) I have gone ahead and requested the affected versions be updated to reflect that there is currently no fixed version, referencing this issue page and the advisory, since at this time version 3.2.3 is still listed as the last impacted version in NVD. Edit: I have been instructed to forward my request to secur...@apache.org because Apache is the CNA for this CVE. I have done so. was (Author: JIRAUSER295541): FYI [~ilatypov] updates to CVEs in NVD can be requested here: https://cveform.mitre.org/ (sometimes they respond with a different place to report instead, I will try to remember to update if this is the case for this one) I have gone ahead and requested the affected versions be updated to reflect that there is currently no fixed version, referencing this issue page and the advisory, since at this time version 3.2.3 is still listed as the last impacted version in NVD. > Use-after-free on external DTD scan > ----------------------------------- > > Key: XERCESC-2188 > URL: https://issues.apache.org/jira/browse/XERCESC-2188 > Project: Xerces-C++ > Issue Type: Bug > Components: Validating Parser (DTD) > Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3, > 3.1.4, 3.2.1, 3.2.2 > Reporter: Scott Cantor > Priority: Major > Attachments: Apache-496067-disclosure-report.pdf > > > This is a record of an unfixed bug reported in 2018 in the DTD scanner, per > the attached PDF, corresponding to CVE-2018-1311. -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org For additional commands, e-mail: c-dev-h...@xerces.apache.org