VYPR
High severity · NVD Advisory · Published Jul 19, 2018 · Updated Dec 3, 2025

CVE-2018-14404

Description

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A null pointer dereference in libxml2's xmlXPathCompOpEval() can crash applications processing untrusted XSL/XPath input, leading to denial of service.

Vulnerability

A NULL pointer dereference vulnerability exists in the xmlXPathCompOpEval() function in xpath.c of libxml2 through version 2.9.8 [1][2]. The issue occurs when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case [1]. Applications that process untrusted XSL format inputs using the libxml2 library may be affected [1].

Exploitation

An attacker needs to supply a crafted XSL or XPath input to an application that uses libxml2 for parsing [1]. The attack does not require authentication if the application accepts untrusted input over the network or from local files. The vulnerable code path is triggered when the XPath expression is evaluated, leading to a dereference of a null pointer [1].

Impact

Successful exploitation causes a crash of the application due to a NULL pointer dereference, resulting in a denial of service (DoS) condition [1][3][4]. No code execution or privilege escalation is reported; the impact is limited to availability [1].

Mitigation

Red Hat released an update for libxml2 as part of RHSA-2019:1543 on June 18, 2019, which addresses this issue [3]. Ubuntu released updates in USN-3739-1 (for Ubuntu 18.04 LTS and other releases) on August 14, 2018, and USN-3739-2 (for Ubuntu 12.04) on the same date [2][4]. Users should update libxml2 to the fixed versions provided by their respective vendors. No workarounds are described in the available references.

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
nokogiri (RubyGems) | < 1.8.5 | 1.8.5

Affected products

22

References

16
