Medium severity6.5NVD Advisory· Published Jul 19, 2018· Updated Jun 17, 2026
CVE-2018-14404
CVE-2018-14404
Description
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.8.5 | 1.8.5 |
Affected products
22- ghsa-coords22 versionspkg:gem/nokogiripkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rmt-server&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-libxml2-python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/rmt-server&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015
< 1.8.5+ 21 more
- (no CPE)range: < 1.8.5
- (no CPE)range: < 2.9.12-1.2
- (no CPE)range: < 2.6.13-1.1
- (no CPE)range: < 1.13.9-1.7
- (no CPE)range: < 1.13.3-1.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.7-3.3.1
- (no CPE)range: < 2.7.6-0.77.15.1
- (no CPE)range: < 2.7.6-0.77.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.7.6-0.77.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.7.6-0.77.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.7.6-0.77.15.1
- (no CPE)range: < 2.7.6-0.77.15.1
- (no CPE)range: < 2.7.6-0.77.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.4-46.15.1
- (no CPE)range: < 2.9.7-3.3.1
- (no CPE)range: < 1.1.1-3.13.1
Patches
Vulnerability mechanics
References
16- bugs.debian.org/cgi-bin/bugreport.cginvdMailing ListThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-6qvp-r6r3-9p7hghsaADVISORY
- gitlab.gnome.org/GNOME/libxml2/issues/10nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-14404ghsaADVISORY
- usn.ubuntu.com/3739-1/nvdThird Party Advisory
- usn.ubuntu.com/3739-2/nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:1543nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2018-14404.ymlghsaWEB
- github.com/sparklemotion/nokogiri/issues/1785ghsaWEB
- lists.debian.org/debian-lts-announce/2018/09/msg00035.htmlnvdWEB
- lists.debian.org/debian-lts-announce/2020/09/msg00009.htmlnvdWEB
- security.netapp.com/advisory/ntap-20190719-0002ghsaWEB
- usn.ubuntu.com/3739-1ghsaWEB
- usn.ubuntu.com/3739-2ghsaWEB
- security.netapp.com/advisory/ntap-20190719-0002/nvd
News mentions
0No linked articles in our index yet.