XMLSoft libxml2 xmlXPathCompOpEval() Function NULL Pointer Dereference Vulnerability



A vulnerability in the xmlXPathCompOpEval() function of the XMLSoft libxml2 library could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the xmlXPathCompOpEval() function, as defined in the path.c source code file of the affected software, and is due to improper parsing of invalid XPath expressions in the XPATH_OP_AND and XPATH_OP_OR cases. An attacker could exploit this vulnerability by sending a request that submits malicious input to an application that is using the affected library on a targeted system. A successful exploit could trigger a NULL pointer dereference condition, causing the affected application to crash and resulting in a DoS condition.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

XMLSoft has confirmed the vulnerability and software updates are available.

Security Impact Rating: High

CVE: CVE-2018-14404

Source:: Cisco Multivendor Vulnerability Alerts