Critical severityNVD Advisory· Published Dec 24, 2018· Updated Aug 5, 2024
CVE-2018-20433
CVE-2018-20433
Description
c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.mchange:c3p0Maven | < 0.9.5.3 | 0.9.5.3 |
Affected products
45- ghsa-coords45 versionspkg:maven/com.mchange/c3p0pkg:rpm/opensuse/c3p0&distro=openSUSE%20Tumbleweedpkg:rpm/suse/c3p0&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/c3p0&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/dhcpd-formula&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/hub-xmlrpc-api&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/hub-xmlrpc-api&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/mgr-osad&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/mgr-push&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/prometheus-exporters-formula&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/py26-compat-msgpack-python&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/py26-compat-msgpack-python&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/py27-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/rhnlib&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-admin&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-branding&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-config&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/subscription-matcher&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/supportutils-plugin-susemanager&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.1pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/suseRegisterInfo&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/virtualization-formulas&distro=SUSE%20Manager%20Server%20Module%204.2
< 0.9.5.3+ 44 more
- (no CPE)range: < 0.9.5.3
- (no CPE)range: < 0.9.5.5-1.3
- (no CPE)range: < 0.9.5.5-3.3.2
- (no CPE)range: < 0.9.5.5-150300.4.6.1
- (no CPE)range: < 0.1.1641480250.d5bd14c-3.3.2
- (no CPE)range: < 0.7.0-150300.3.6.1
- (no CPE)range: < 0.7-3.9.2
- (no CPE)range: < 0.7-150300.3.6.1
- (no CPE)range: < 0.1.0-150300.8.12.1
- (no CPE)range: < 4.2.8-150300.2.9.1
- (no CPE)range: < 4.2.5-150300.2.9.1
- (no CPE)range: < 4.2-150300.4.9.1
- (no CPE)range: < 1.2.0-150300.3.9.1
- (no CPE)range: < 0.4.6-3.6.2
- (no CPE)range: < 0.4.6-150300.4.3.1
- (no CPE)range: < 3000.3-6.21.2
- (no CPE)range: < 4.2.6-150300.4.9.1
- (no CPE)range: < 0.1.1645440615.7f1328c-150300.3.9.1
- (no CPE)range: < 1.7.10-0.150300.3.3.1
- (no CPE)range: < 4.1.17-4.36.2
- (no CPE)range: < 4.2.16-150300.4.18.1
- (no CPE)range: < 4.2.10-150300.3.9.1
- (no CPE)range: < 4.2.20-150300.4.18.1
- (no CPE)range: < 4.2.13-150300.3.9.1
- (no CPE)range: < 4.2.15-150300.3.15.1
- (no CPE)range: < 4.2.18-150300.4.18.1
- (no CPE)range: < 4.2.6-150300.3.6.1
- (no CPE)range: < 4.1.44-3.66.2
- (no CPE)range: < 4.2.34-150300.3.26.2
- (no CPE)range: < 4.1.32-3.42.2
- (no CPE)range: < 4.2.26-150300.3.18.2
- (no CPE)range: < 0.29-150300.6.6.1
- (no CPE)range: < 4.2.4-150300.3.6.1
- (no CPE)range: < 4.1.33-3.45.2
- (no CPE)range: < 4.2.28-150300.3.22.1
- (no CPE)range: < 4.1-11.52.2
- (no CPE)range: < 4.2-150300.12.22.1
- (no CPE)range: < 4.1-11.52.2
- (no CPE)range: < 4.2-150300.12.22.1
- (no CPE)range: < 4.1.25-3.42.2
- (no CPE)range: < 4.2.21-150300.3.18.1
- (no CPE)range: < 4.1.34-3.59.2
- (no CPE)range: < 4.2.21-150300.3.20.1
- (no CPE)range: < 4.2.6-150300.4.9.1
- (no CPE)range: < 0.6.2-150300.8.6.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-q485-j897-qc27ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWR/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2018-20433ghsaADVISORY
- github.com/zhutougg/c3p0/commit/2eb0ea97f745740b18dd45e4a909112d4685f87bghsax_refsource_MISCWEB
- lists.debian.org/debian-lts-announce/2018/12/msg00021.htmlghsamailing-listx_refsource_MLISTWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFIVX6HOVNLAM7W3SUAMHYRNLCVQSAWRghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQ47OFV57Y2DAHMGA5H3JOL4WHRWRFN4ghsaWEB
News mentions
0No linked articles in our index yet.